
10 matches found

RedhatCVE
added 6 days ago, 6 views

CVE-2026-10868

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

CVSS: 9 | AI score: 5.4 | EPSS: 0.00054
Exploits: 0 | References: 1
Cvelist
added 2026/06/04 2:39 p.m., 31 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

CVSS: 9 | EPSS: 0.00054
Exploits: 0 | References: 1
SUSE CVE
added 2025/09/24 11:22 p.m., 2 views

SUSE CVE-2025-39875

In the Linux kernel, the following vulnerability has been resolved: igb: Fix NULL pointer dereference in ethtool loopback test. The igb driver currently causes a NULL pointer dereference when executing the ethtool loopback test. This occurs because there is no associated q_vector for the test ring...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00025
Exploits: 0 | References: 9
OSV
added 2025/09/23 6:15 a.m., 1 views

DEBIAN-CVE-2025-39875

In the Linux kernel, the following vulnerability has been resolved: igb: Fix NULL pointer dereference in ethtool loopback test. The igb driver currently causes a NULL pointer dereference when executing the ethtool loopback test. This occurs because there is no associated q_vector for the test ring...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00025
Exploits: 0 | References: 1
CVE
added 2025/09/23 6:0 a.m., 15 views

CVE-2025-39875

CVE-2025-39875: Linux kernel igb driver NULL pointer dereference during ethtool loopback test due to missing q_vector for test ring. The fix adjusts the __xdp_rxq_info_reg() call by using 0 as napi_id (since napi_id isn't needed after commit 5ef44b3cb43b), preventing NULL dereferences when ethtoo...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00025
Exploits: 0 | References: 2 | Affected Software: 1
Packet Storm
added 2025/07/10 12:0 a.m., 657 views

libxslt xmlFreeID Use-After-Free

libxslt suffers from a heap use-after-free vulnerability in xmlFreeID caused by atype corruption. Vulnerability details: In xsltutils.c: int xsltSetSourceNodeFlags(xsltTransformContextPtr ctxt, xmlNodePtr node, int flags) { if (node->doc == ctxt->initialContextDoc) ctxt->sourceDocDirty = 1; switch (node->typ...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00192
Exploits: 1
OSV
added 2025/05/20 4:15 p.m., 0 views

UBUNTU-CVE-2025-37952

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids. A use-after-free is possible if one thread destroys the file via ksmbd_close_fd() while another thread holds a reference to it. The existing checks on fp->refcount are not sufficient to prevent this...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00067
Exploits: 0 | References: 26
RedHat Linux
added 2024/08/15 5:34 a.m., 3 views

kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal

An out-of-bounds memory access flaw was found in the Linux kernel’s Wireless WiFi Link Next-Gen AGN driver in how a user removes it. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00016
Exploits: 0 | References: 5
OSV
added 2022/09/16 5:17 p.m., 6 views

GHSA-3633-5H82-39PQ Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata

Issue: If an attacker is able to control a threshold of keys to insert the same public key more than once with different key IDs into signed, trusted metadata on a TUF repository, then go-tuf clients 0.3.2 are susceptible to an attack where attackers can cause the same signature from the same publ...

AI score: 5.8
Exploits: 0 | References: 4
Ubuntu
added 2021/10/20 6:39 p.m., 137 views

USN-5115-1: Linux kernel (OEM) vulnerabilities

It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.01405
Exploits: 11