Lucene search

9021 matches found

EUVD
added 2026/04/24 2:45 p.m., 1 view

EUVD-2026-25563

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created. Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...

5.4 AI score, 0.00114 EPSS
Exploits: 0, References: 8
Debian CVE
added 2026/04/24 2:45 p.m., 3 views

CVE-2026-31670

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created. Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...

5.5 CVSS, 5.3 AI score, 0.00114 EPSS
Exploits: 0
CVE
added 2026/04/24 2:42 p.m., 8 views

CVE-2026-31625

CVE-2026-31625 concerns the Linux kernel HID alps driver, where a NULL pointer dereference could occur when processing raw events. The root cause was insufficient verification of device claiming before handling a raw event, which could lead to system instability. The fixed trajectory includes com...

5.5 CVSS, 5.3 AI score, 0.00125 EPSS
Exploits: 0, References: 9, Affected Software: 1
Debian CVE
added 2026/04/24 2:42 p.m., 2 views

CVE-2026-31625

In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alps_raw_event. Commit ecfa6f34492c "HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them" attempted to fix up the HID drivers that had missed the previous fix that was done i...

5.5 CVSS, 5.2 AI score, 0.00125 EPSS
Exploits: 0
EUVD
added 2026/04/24 2:42 p.m., 3 views

EUVD-2026-25467

In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag. The prevention mechanism against timer interrupt starvation missed to reset the next_event_forced flag in a couple of places: - When the clock event state changes. That ca...

5.5 AI score, 0.00107 EPSS
Exploits: 0, References: 1
CVE
added 2026/04/24 2:42 p.m., 25 views

CVE-2026-31574

CVE-2026-31574 concerns the Linux kernel clockevents subsystem. The issue arises from missing resets of the next_event_forced flag in several code paths, including during clock event state changes, when arming a non-forced event, and in the suspend wakeup handler. This can leave the flag stale ac...

5.5 CVSS, 5.5 AI score, 0.00107 EPSS
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/04/24 7:45 a.m., 5 views

EUVD-2026-25406

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_read permission callback unconditionally returns true via __return_true instead of checking for...

5.3 CVSS, 5.2 AI score, 0.00345 EPSS
Exploits: 0, References: 8
Positive Technologies
added 2026/04/24 12:0 a.m., 11 views

PT-2026-34864

The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_read permission callback unconditionally returns true via __return_true instead of checking for...

5.3 CVSS, 5.2 AI score, 0.00345 EPSS
Exploits: 0, References: 10
CNNVD
added 2026/04/24 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an absence of limits on the number of rfkill events. This vulnerability may lead to the creation ...

5.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/24 12:0 a.m., 3 views

PT-2026-35022

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the net: rfkill subsystem allows userspace to create an unlimited number of rfkill events if the system is configured to do so and the events are not consumed from the rfkill...

5.5 CVSS, 5.5 AI score, 0.00114 EPSS
Exploits: 0, References: 20
Positive Technologies
added 2026/04/24 12:0 a.m., 2 views

PT-2026-34926

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the clockevents prevention mechanism against timer interrupt starvation occurs because the next event forced flag is not reset in certain scenarios. This failure happens when t...

9.8 CVSS, 5.8 AI score, 0.00576 EPSS
Exploits: 0, References: 67
IBM Security Bulletins
added 2026/04/23 1:40 p.m., 5 views

Security Bulletin: Due to use of spring-web-6.2.16.jar, IBM Sterling Connect:Direct Web Services is affected by stream corruption issue when using Server-Sent Events (SSE).

Summary: spring-web-6.2.16.jar is used by IBM Sterling Connect:Direct Web Services (CVE-2026-22735). Vulnerability Details: CVEID: CVE-2026-22735. DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation...

2.6 CVSS, 5.7 AI score, 0.00112 EPSS
Exploits: 0, Affected Software: 1
SUSE CVE
added 2026/04/23 1:24 a.m., 5 views

SUSE CVE-2026-31528

In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx->pmu for groups. Oliver reported that x86_pmu_del ended up doing an out-of-bound memory access when group_sched_in fails and needs to roll back. This should be handled by the transaction callbacks, but he...

7 CVSS, 5.5 AI score, 0.00129 EPSS
Exploits: 0, References: 18
Cvelist
added 2026/04/23 12:14 a.m., 29 views

CVE-2026-41182 LangSmith SDK: Streaming token events bypass output redaction

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When ...

5.3 CVSS, 0.00214 EPSS
Exploits: 0, References: 1
EUVD
added 2026/04/23 12:14 a.m., 0 views

EUVD-2026-25152

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When ...

5.3 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/04/23 12:14 a.m., 3 views

CVE-2026-41182 LangSmith SDK: Streaming token events bypass output redaction

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When ...

5.3 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/23 12:14 a.m., 3 views

CVE-2026-41182

LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When ...

5.3 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 0, References: 2, Affected Software: 1
vulnersOsv
added 2026/04/23 12:0 a.m., 6 views

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +688 more potentially affected by CVE-2026-40976 via org.springframework.boot:spring-boot-security (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-security MAVEN version =4.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...

9.1 CVSS, 5.4 AI score, 0.00413 EPSS
Exploits: 0
CNNVD
added 2026/04/23 12:0 a.m., 7 views

LangSmith Client SDKs information disclosure vulnerability

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. LangSmith Client SDKs have a vulnerability related to information leakage, which stems from the fact that output editing controls do not apply to streaming token events, potentially leading to sensitive LLM outputs being...

5.3 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/22 9:9 p.m., 3 views

CVE-2026-41455

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5 CVSS, 6 AI score, 0.00236 EPSS
Exploits: 0, References: 4