OESA-2026-2161 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious...

CVE-2026-7689

Dolibarr ERP/CRM (up to 23.0.2) is affected by a vulnerability in the Online Signature Module versioning, where dol_verifyHash in htdocs/core/lib/security.lib.php mishandles cryptographic signature verification. This allows a remote attacker to potentially leverage a flawed signature check; explo...

CVE-2026-7689 Dolibarr ERP CRM Online Signature security.lib.php dol_verifyHash signature verification

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

EUVD-2026-26827

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dolverifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

Dolibarr ERP CRM 数据伪造问题漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contained a data manipulation vulnerability. This vulnerability stemmed from a function in the Online Signature Module’s htdocs/core/lib/security.lib.php...

Langflow 注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.4 and earlier have a injection vulnerability, which stems from a function in the component Full Builtins Module Handler: CodeParser.parsecallabledetails...

PT-2026-36693

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The...

Exploit for CVE-2026-42167

CVE-2026-42167 Master Exploit Tool A professional security re...

crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed

...

CVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warnings

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN warnings vidtvtsnullwriteinto and vidtvtspcrwriteinto take their argument structs by value, causing MSAN to report uninit-value warnings. While only vidtvtsnullwriteinto has...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 check Quick, read-only checker for the algif...

SUSE CVE-2026-31699

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid length, i.e...

Linux Distros Unpatched Vulnerability : CVE-2026-42483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code vi...

Linux Distros Unpatched Vulnerability : CVE-2026-43044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : kmod update (USN-8226-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8226-1 advisory. It was discovered that the Linux kernel algifaead module contained a logic flaw allowing a local attacker to escalate privileges to root. This...

Linux Distros Unpatched Vulnerability : CVE-2026-43504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access contro...

Linux Distros Unpatched Vulnerability : CVE-2026-43052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is...

CVE-2026-31769

A flaw was found in the Linux kernel's gpib module. This use-after-free vulnerability allows a local attacker to trigger a condition where memory is accessed after it has been freed. By concurrently calling specific ioctl handlers, an attacker could cause a system crash, leading to a denial of...