CVE-2026-43287
A flaw was found in the Linux kernel. An unprivileged local user can exploit a vulnerability in the DRM_IOCTL_MODE_CREATEPROPBLOB function, which allows for the allocation of arbitrary-sized property blobs in kernel memory. This memory is not properly accounted for, leading to unbounded kernel memor...
XSS
No d...
CVE-2025-48651
In importWrappedKey of KMKeymasterApplet.java, there is a possible way to access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-32908
This CVE ID has been rejected...
CVE-2026-32609
Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM suffers from a cross-site scripting vulnerability that originates from an authenticated user being able to store a JavaScript payload. No details of the vulnerability are provided at this time...
CVE-2026-23184
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in binder_netlink_report. Oneway transactions sent to frozen targets via binder_proc_transaction return a BR_TRANSACTION_PENDING_FROZEN error but they are still treated as successful since the target is expected to thaw a...
CVE-2025-71220
In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close on error path in create_smb2_pipe. When ksmbd_iov_pin_rsp fails, we should call ksmbd_session_rpc_close...
Exploit for CVE-2025-49132
No d...
HCL AION Cross-Site Scripting Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a cross-site scripting vulnerability, which is caused by a lack of content security policy. No details of the vulnerability are provided at this time...
CVE-2026-23103
A race condition vulnerability was found in the Linux kernel's ipvlan driver. The per-device addrs_lock was incorrectly used instead of a per-port lock, and some code paths (ipvlan_open/ipvlan_close) failed to acquire the lock entirely. For IPv6 address changes that don't require RTNL lock, concurrent...
CVE-2026-23080
In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: mcba_usb_read_bulk_callback: fix URB memory leak. Fix similar memory leak as in commit 7352e1d5932a "can: gs_usb: gs_usb_receive_bulk_callback: fix URB memory leak". In mcba_usb_probe -> mcba_usb_start, the URBs for USB-in transfe...
Unspecified Vulnerability in Delta Electronics DIAView
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...
Exploit for CVE-2025-7771
No d...
CVE-2026-0905
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. Chromium security severity: Medium...
Delta Electronics DIAView Security Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security vulnerability exists in Delta Electronics DIAView that stems from failure to authenticate critical functions. No details of the vulnerability are available at this time...
CVE-2025-71113
A flaw was found in the Linux kernel's crypto AF_ALG subsystem. Memory allocated via sock_kmalloc for crypto user API contexts is not zero-initialized, leaving fields with garbage values. Specifically, the 'inflight' variable can contain random data, causing af_alg_alloc_areq to spuriously return -EBU...
EUVD-2026-1166
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
CVE-2022-50834
In the Linux kernel, the following vulnerability has been resolved: nfc: Fix potential resource leaks. nfc_get_device takes a reference for the device; add the missing nfc_put_device to release it when not needed anymore. Also fix the style warning by using error EOPNOTSUPP instead of ENOTSUPP...
CVE-2025-68221
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix address removal logic in mptcp_pm_nl_rm_addr. Fix inverted WARN_ON_ONCE condition that prevented normal address removal counter updates. The current code only executes decrement logic when the counter is already 0 abnormal...