CVE-2026-40249

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/subsId does not return after request body retrieval or deserialization...

CVE-2026-40245 Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR Unified Data Repository service. The handler for GET /nudr-dr/v2/application-data/influenceData/subs-to-notify sends a...

GHSA-GX38-8H33-PMXR free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

Summary A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify/subsId PUT handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended modification of existing Policy Data notificatio...

free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

Summary A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify/subsId PUT handler to continue processing requests even after request body retrieval or deserialization errors. This may allow unintended modification of existing Policy Data notificatio...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006770 advisory. In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006656 advisory. In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to...

OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

...

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

OpenPrinting CUPS 安全漏洞

OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Inc., suitable for Linux® and other Unix®-based operating systems. OpenPrinting CUPS versions 2.4.16 and earlier contain security vulnerabilities. These vulnerabilities stem from the RSS notification program, which allo...

Malicious Package

Overview strapi-plugin-notify is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1495)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1495 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in aggdequeue CVE-2025-40083 In the Linux kernel, the following vulnerability has been...

filecc (>=0.0.1 <=1.0.1), gm-i18n-migrate (>=2.7.0 <=2.9.0) +3 more potentially affected by unknown CVE via opencc (>=1.0.6 <=1.1.3)

opencc NPM version =1.0.6, =0.0.1, =2.7.0, =2.7.2, =1.0.2, =1.0.5 - wise-paas-notify-utility =1.4.10-s2t1 Source cves: unknown CVE Source advisory: OSV:GHSA-7FQQ-Q52P-2JJG...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in aggdequeue CVE-2025-40083 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgrouplist in btrfsaddqgrouprelation CVE-2025-40209 In t...

ROS-20260317-73-0005

A vulnerability in the qlennotify function of the sched component of the sched kernel of Linux operating systems is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CLSA-2026-1773048865 kernel: Fix of 53 CVEs

xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005809)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005809 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may...

UBUNTU-CVE-2026-23237

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005714)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005714 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosusbpdnotify: Fix error handling in crosusbpdnotifyinit The following WARNING...

Malicious code in spark-audit-notify (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1c527925d1e7cb4055b6c154326cd54a713ad543349c2b3b6f8ab8f0d75e8cbe During installation, host identification details including AD domain are exfiltrated through a series of functions obfuscating this behavior. --- Category:...