FortiSandbox Endpoint Validation Tool

This Python script is a utility designed to evaluate the exposure and configuration state of a FortiSandbox deployment through publicly reachable management endpoints...

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2400)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is...

CVE-2026-44321

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

Lumiverse 参数注入漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained a parameter injection vulnerability. This vulnerability stemmed from the MCP server creating endpoint validation commands without verifying the arg...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fixed an issue in usbnetstartxmit/usbsubmiturb. The syzbot fuzzer identified a problem with the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504,...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check that the endpoint is valid before dereferencing it When the host controller is not responding, all URBs User-Randomized Block Structures queued for all endpoints need to be terminated. This can cause a kernel pan...

CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks whether it has three endpoints, as well as endpoints for bulk in-and-out operations. However, it does not check whether the third endpoint is an interrupt input. Th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: HID: hid-thrustmaster: fixed OOB read in thrustmasterinterrupts Syzbot reported a slab-out-of-bounds Read in thrustmasterprobe. The root cause is the lack of validation check for the actual number of endpoints. Code should not...

Exploit for CVE-2026-41940

A companion tool for the watchTowr CVE-2026-41940 authentication...

CVE-2026-24231

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful...

SUSE CVE-2026-31615

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

Linux Distros Unpatched Vulnerability : CVE-2026-31615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the...

EUVD-2026-25508

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesasusb3: validate endpoint index in standard request handlers The GETSTATUS and SET/CLEARFEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by...

PT-2026-34967

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The renesas usb3 gadget driver fails to validate the endpoint index provided by the host in the wIndex variable within the 'GET STATUS' and 'SET/CLEAR FEATURE' standard request handlers...

CVE-2026-30968

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, the SSE endpoint /sse/v1/... in Coral Server did not strongly validate that a connecting agent was a legitimate participant in the session. Th...

net: usb: kalmia: validate USB endpoints

...

net: usb: kaweth: validate USB endpoints

...

CVE-2026-23290

A flaw was found in the Linux kernel's pegasus driver. A malicious USB device can exploit this vulnerability by not presenting the expected number and types of USB endpoints. This lack of proper validation causes the driver to blindly access uninitialized endpoints, leading to a system crash and ...

SUSE CVE-2026-23365

In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not ha...