CVE-2026-6019
A flaw was found in Python's http.cookies module. The Morsel.js_output function, responsible for generating JavaScript output for cookies, does not properly neutralize the Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Produc...
EUVD-2026-25644
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl currently uses af_alg_readable only as a gate before...
[SECURITY] Fedora 44 Update: xdg-dbus-proxy-0.1.7-1.fc44
xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts...
[SECURITY] Fedora 44 Update: qt6-qttranslations-6.10.3-1.fc44
Qt6 - QtTranslations module...
[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44
The Qt SCXML module provides functionality to create state machines from SCXML files. This includes both dynamically creating state machines (loading the SCXML file and instantiating states and transitions) and generating a C++ file that has a class implementing the state machine. It also contains...
[SECURITY] Fedora 44 Update: qt6-qtwayland-6.10.3-1.fc44
Qt6 - Wayland platform support and QtCompositor module...
[SECURITY] Fedora 44 Update: qt6-qtmqtt-6.10.3-1.fc44
MQTT is a machine-to-machine (M2M) protocol utilizing the publish-and-subscribe paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...
[SECURITY] Fedora 44 Update: python-pyside6-6.10.3-1.fc44
PySide6 is the official Python module from the Qt for Python project, which provides access to the complete Qt 6+ framework...
[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-7.fc44
Nginx virtual host traffic status module...
[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44
NGINX module for Brotli compression...
[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-8.fc44
The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...
[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-15.fc44
naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...
SUSE CVE-2026-31573
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 of_find_matching_node_and_match+0x5c/0x1a0...
Linux Distros Unpatched Vulnerability : CVE-2026-31582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwmon: powerz Fix use-after-free on USB disconnect After powerz_disconnect frees the URB and releases the mutex, a subsequent powerz_read call can acquire the mut...
CVE-2026-31612
A flaw was found in ksmbd, a Linux kernel module. A remote attacker can exploit this vulnerability by sending a specially crafted client request to the smb2_get_ea function. Due to improper validation of the EaNameLength field, the system may leak uninitialized heap memory values, leading to...
CLSA-2026-1777059908 binutils: Fix of 4 CVEs
CVE-2022-47673: fix out-of-bounds reads in parse_module (bfd/vms-alpha.c), combined backport of upstream commits c9178f28, 942fa4fb, 77c225bd, 65cf035b and c093f5ee (patch also covers CVE-2023-25584) - CVE-2022-47695: fix segfault in objdump compare_symbols on synthetic plt symbols - CVE-2022-47696:...
Metasploit Wrap-Up 04/25/2026
Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target as “vulnerable”...
CVE-2025-50229
Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...
CVE-2026-31573
A flaw was found in the Linux kernel's verisilicon hantrovpu media driver. When the driver is built as a module, a misuse of the __initconst annotation causes data to be prematurely freed. This freed memory is later accessed during driver probing or unbind-bind cycles, leading to a kernel panic and...
TYPO3 CMS Stores Cleartext Password in User Settings Module
Problem The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email address with user-interface settings like theme, display options when persisting changes. As a result, passwords were stored in cleartext in the uc and usersettings fields of t...