CVE-2026-23248

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix refcount bug and potential UAF in perfmmap Syzkaller reported a refcountt: addition on 0; use-after-free warning in perfmmap. The issue is caused by a race condition between a failing mmap setup and a concurrent mm...

CVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmap

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix refcount bug and potential UAF in perfmmap Syzkaller reported a refcountt: addition on 0; use-after-free warning in perfmmap. The issue is caused by a race condition between a failing mmap setup and a concurrent mm...

Linux Distros Unpatched Vulnerability : CVE-2026-23248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/core: Fix refcount bug and potential UAF in perfmmap Syzkaller reported a refcountt: addition on 0; use-after-free warning in perfmmap. The issue is caused...

GHSA-2HCP-GJRF-7FHC Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

DefaultHtmlErrorResponseBodyProvider in io.micronaut:micronaut-http-server since 4.7.0 and until 4.10.7 used an unbounded ConcurrentHashMap cache with no eviction policy. If the application throws an exception whose message may be influenced by an attacker, for example, including request query...

CLSA-2026-1773768935 Fix CVE(s): CVE-2026-25968, CVE-2026-25986, CVE-2026-25987

SECURITY UPDATE: stack buffer overflow in MSL opacity attribute parser - debian/patches/CVE-2026-25968.patch: replace fixed-size stack buffer with heap-allocated string and add length check - CVE-2026-25968 SECURITY UPDATE: heap buffer overflow write in YUV 4:2:2 image processing -...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data that triggers an out-of-bounds read. Note: This vulnerability i...

CLSA-2026-1773683117 gimp: Fix of 4 CVEs

CVE-2026-2044: fix uninitialized memory read in PGM file parser - CVE-2026-2045: fix heap buffer overflow in XWD file loader - CVE-2026-2048: fix out-of-bounds write in XWD file loader - CVE-2026-0797: fix missing fread return value checks in ICO file loader...

[SECURITY] Fedora 43 Update: qgis-3.44.8-1.fc43

Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...

Security update for qemu (moderate)

openSUSE security update: security update for qemu ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20357-1 Rating: moderate References: bsc1255400 bsc1256484 bsc1257474 bsc1257492 Cross-References: CVE-2025-14876 CVE-2026-0665 CVSS scores:...

Investigating a New Click-Fix Variant

Disclaimer : This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content...

RHEL 9 : podman (RHSA-2026:4533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4533 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

CVE-2026-32118

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

CVE-2026-32118

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

EUVD-2026-11387

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

CVE-2026-32118 OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

CVE-2026-32118 OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

CVE-2026-32118

OpenEMR contains a Stored XSS vulnerability in the Graphical Pain Map (clickmap) form, present before version 8.0.0.1. An authenticated clinician can inject arbitrary JavaScript via unescaped annotation text, which executes in the browser of every subsequent viewer of the affected encounter form....

CVE-2026-32118 OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

PT-2026-24839

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting XSS in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...