
6426 matches found

RedHat Linux
added 2026/01/05 6:16 a.m. | 5 views

xorg: xwayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

CVSS 7.3 | AI score 5.9 | EPSS 0.00255
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-27755

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel tracing subsystem contains a flaw in the dma_map_sg tracepoint. When tracing large scatter-gather lists, the tracepoint can trigger a buffer overflow due to exceeding th...

CVSS 7.8 | AI score 6 | EPSS 0.00131
Exploits: 0 | References: 20

Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-26051

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists in the Linux kernel perf event subsystem during ring buffer management. The issue occurs in the perf_mmap function when a mmap setup fails and a concurrent mmap i...

CVSS 7.8 | AI score 7.3 | EPSS 0.0012
Exploits: 0 | References: 23

Positive Technologies
added 2026/01/01 12:0 a.m. | 7 views

PT-2026-8147

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the mac80211 module related to the handling of TID-To-Link Mapping (TTLM) elements. Specifically, the parsing of TTLM elements with a default link map i...

CVSS 5.5 | AI score 6.5 | EPSS 0.001
Exploits: 0

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-6163

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's ksmd and smbd components related to the dma_unmap_sg function. The issue arises because dma_unmap_sg is called with an incorrect number of segments,...

CVSS 5.5 | AI score 5.5 | EPSS 0.00123
Exploits: 0

Positive Technologies
added 2026/01/01 12:0 a.m. | 10 views

PT-2026-8197

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.18-rc1 and later. Description: The CephFS kernel client contains a flaw in the ceph_mds_auth_match function where a NULL pointer dereference can occur if fs_name is NULL. This issue arises during authorization checks with...

CVSS 9.8 | AI score 6.8 | EPSS 0.0071
Exploits: 5 | References: 398

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-7991

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the nf_tables packet-filtering subsystem of the Linux kernel. The flaw is located in the nft_map_catchall_activate function, which contains an inverted...

CVSS 7.8 | AI score 5.8 | EPSS 0.00193
Exploits: 5

Positive Technologies
added 2026/01/01 12:0 a.m. | 6 views

PT-2026-27724

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the bpf subsystem, specifically in the devmap functionality. The get_upper_ifindexes function iterates through upper devices and writes their...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 390

Positive Technologies
added 2026/01/01 12:0 a.m. | 7 views

PT-2026-27717

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue related to the freeing of EFI boot services memory. The efi_free_boot_services function incorrectly uses memblock_free_late to free memory reserved wit...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 167

GithubExploit
added 2025/12/31 3:49 a.m. | 208 views

Exploit for Improper Restriction of XML External Entity Reference in Geoserver

During my geoserver analysis I found another way to attack una...

CVSS 9.8 | AI score 7.2 | EPSS 0.66753
Exploits: 4

SUSE CVE
added 2025/12/31 12:30 a.m. | 3 views

SUSE CVE-2022-50880

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state. When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdev_id and address, it has only one...

CVSS 5.5 | AI score 6.2 | EPSS 0.00195
Exploits: 0 | References: 10

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress WP Google Map plugin < 1.9.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Google Map versions < 1.9.4...

CVSS 4.3 | AI score 5.9 | EPSS 0.00299
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress CBX Map for Google Map & OpenStreetMap plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin CBX Map for Google Map & OpenStreetMap versions <= 2.0.1...

CVSS 6.4 | AI score 5.9 | EPSS 0.00216
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m. | 5 views

WordPress Simple Map No Api plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by zaim in WordPress Plugin Simple Map No Api versions <= 1.9...

CVSS 6.4 | AI score 5.4 | EPSS 0.00271
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/12/31 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992872)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992872 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer dereference in hns_roce_map_mr_sg. ib_map_mr_sg allows ULPs to specify NULL as...

CVSS 5.5 | AI score 6.2 | EPSS 0.00236
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/31 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-50880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state. When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in...

AI score 6 | EPSS 0.00195
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/31 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992810)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992810 advisory. In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk. When of_irq_parse_raw is...

CVSS 7.1 | AI score 6.3 | EPSS 0.00294
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/31 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id. The map_sz is the number of elements in the m array so the comparison needs to be changed to >= to prevent a...

AI score 5.3 | EPSS 0.00168
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/31 12:0 a.m. | 5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992796)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992796 advisory. In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is...

CVSS 5.5 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 3

EUVD
added 2025/12/30 3:30 p.m. | 4 views

EUVD-2023-60521

In the Linux kernel, the following vulnerability has been resolved: bpf: Address KCSAN report on bpf_lru_list. KCSAN reported a data-race when accessing node->ref. Although node->ref does not have to be accurate, take this chance to use a more common READ_ONCE and WRITE_ONCE pattern instead of data_race...

AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 9