CVE-2026-46233

A flaw was found in the Linux kernel's batman-adv module. This vulnerability allows a local attacker to trigger a NULL-pointer dereference within the batadvblapurgeclaims function. This issue arises from a timing conflict when a claim is being released simultaneously, causing a critical pointer t...

CVE-2026-46120

A flaw was found in the Linux kernel's ip6gre module. An unprivileged user could exploit this vulnerability by migrating a network device, causing the ip6erspanchangelink function to incorrectly handle network namespace references. This error leads to a use-after-free condition when the original...

RLSA-2026:19175 Important: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2026-46189

A flaw was found in the Linux kernel, specifically within the RDMA Remote Direct Memory Access vmwpvrdma module. This vulnerability is a double free, which means the system attempts to release the same memory resource twice. This can occur in an error handling path within the pvrdmaallocucontext...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Description of the Vulnerability CVE-2026-31431 CVE ID:...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

EUVD-2026-32892

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

CVE-2026-46189

In the Linux kernel, the following vulnerability has been resolved: RDMA/vmwpvrdma: Fix double free on pvrdmaallocucontext error path Sashiko points out that pvrdmauarfree is already called within pvrdmadeallocucontext, so calling it before triggers a double free...

UBUNTU-CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

UBUNTU-CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

CVE-2026-46140

The CVE affects Linux kernel Bluetooth btmtk code. btmtk_usb_hci_wmt_sync() casts WMT event response SKB data to btmtk_hci_wmt_evt (7 bytes) and btmtk_hci_wmt_evt_funcc (9 bytes) without verifying that the SKB contains enough data, causing out-of-bounds reads from SKB tailroom when a short firmwa...

CVE-2026-46117

CVE-2026-46117 affects the Linux kernel RDMA/mana component. The issue arises when a user can configure Work Queues to share the same Completion Queue via the uAPI, which triggers a user-writable WARN_ON() and can lead to kernel corruption. The vulnerability has been resolved by removing the trig...

Typecho-GetText-eval-RCE-PoC

Typecho GetText Plural-Forms eval Remote Code Execution...

Self-Researched-POC

NGINX ngxhttpr...

Exploit for CVE-2026-42945

CVE-2026-42945 — NGINX Rift Heap Buffer Overflow in NGINX...

CVE-2026-45848

A flaw was found in the Linux kernel's AppArmor security module. This vulnerability allows a local attacker to trigger a NULL pointer dereference during socket setup or teardown operations. This can lead to a kernel 'oops', resulting in a system crash and a Denial of Service DoS...

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

SUSE CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

SUSE CVE-2026-45854

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis...