
14803 matches found

CVE
added 2026/05/08 2:22 p.m., 9 views

CVE-2026-43434

CVE-2026-43434 (Linux kernel, rust_binder) : A vulnerability in the rust_binder component can occur during page installation or zap_page_range operations. If a VMA at a given address is closed and replaced, rust_binder may look up and use the wrong VMA, potentially allowing writes to normally rea...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/08 2:21 p.m., 10 views

CVE-2026-43356

The CVE-2026-43356 issue affects the Linux kernel IIO ADIS IMU drivers (e.g., adis16480, adis16490, adis16545). In adis_init(), the code dereferences adis->ops to inspect function pointers without first verifying that adis->ops itself is non-NULL, leading to a NULL pointer dereference durin...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/05/08 2:21 p.m., 3 views

CVE-2026-43356

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init. The adis_init function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if adis->ops itself is NULL...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 4 | Affected Software: 1
The Hacker News
added 2026/05/08 10:30 a.m., 9 views

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across liv...

AI score 5.8
Exploits: 0
Hive Pro Threat Advisories
added 2026/05/08 4:52 a.m., 5 views

OT Cybersecurity Challenges for ICS in 2026

OT Cybersecurity Challenges for ICS in 2026 OT cybersecurity has become a board-level risk because industrial control systems are no longer isolated, predictable, or invisible to attackers. In 2026, security teams protecting manufacturing plants, utilities, transportation systems, energy...

AI score 5.9
Exploits: 0
Packet Storm News
added 2026/05/08 12:0 a.m., 3 views

AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey

Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesiz...

AI score 5.8
Exploits: 0
CNNVD
added 2026/05/08 12:0 a.m., 2 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the adis_init function releasing a pointer without checking whether adis->ops is NULL. This could lead to...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 7 views

PT-2026-39117

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A type confusion exists in the bonding driver within the bond setup by slave function. When a non-Ethernet device, such as a GRE tunnel, is enslaved to a bond, the driver directly copies...

CVSS 7.8 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 8
CNNVD
added 2026/05/08 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ASoC soc-core component not refreshing its delayed operations before removing DAI and widgets...

CVSS 7.3 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2
CNNVD
added 2026/05/08 12:0 a.m., 3 views

NAVER MYBOX Explorer for Windows security vulnerability

NAVER MYBOX Explorer for Windows is a software developed by South Korea's NAVER MYBOX company, used for managing cloud storage. Versions of NAVER MYBOX Explorer for Windows prior to version 3.0.11.160 contained security vulnerabilities. These vulnerabilities were due to improper permission checks...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1
CNNVD
added 2026/05/08 12:0 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the memfd mechanism’s handling of dirty flags during preservation operations. This vulnerability...

CVSS 5.5 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 8 views

PT-2026-39017

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A NULL pointer dereference exists in the adis_init function. The function attempts to dereference adis->ops to verify if specific function pointers (write, read, reset) are NULL without fir...

AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 6
RedhatCVE
added 2026/05/07 8:21 p.m., 3 views

CVE-2026-44118

OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...

CVSS 8.5 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/07 8:21 p.m., 6 views

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVSS 7.1 | AI score 5.7 | EPSS 0.00027
Exploits: 0 | References: 1
OSV
added 2026/05/07 7:16 p.m., 1 views

DEBIAN-CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

CVSS 7.1 | AI score 5.7 | EPSS 0.00159
Exploits: 1 | References: 1
NVD
added 2026/05/07 7:16 p.m., 4 views

CVE-2026-42215

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs upload_pack and receive_pack bypass that check. If an...

CVSS 8.8 | EPSS 0.00034
Exploits: 1 | References: 2
Vulnrichment
added 2026/05/07 6:22 p.m., 6 views

CVE-2026-44243 GitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repository

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

CVSS 8.8 | AI score 5.7 | EPSS 0.00159
Exploits: 1 | References: 2
IBM Security Bulletins
added 2026/05/07 9:53 a.m., 8 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

Summary The default password is used by IBM Operations Analytics - Log Analysis as part of the authentication to the Log Analysis User Interface. CVE-2026-7365. Vulnerability Details CVEID:CVE-2026-7365 DESCRIPTION: IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords...

CVSS 8.4 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | Affected Software: 1
NVD
added 2026/05/07 4:16 a.m., 8 views

CVE-2026-41658

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for...

CVSS 6.5 | EPSS 0.00011
Exploits: 0 | References: 2
GithubExploit
added 2026/05/07 1:19 a.m., 79 views

Exploit for Prototype Pollution in N8N

GHSA-q5f4-99jv-pgg5 — n8n XML Webhook Prototype Pollution → RC...

CVSS 9.4 | AI score 6 | EPSS 0.00471
Exploits: 1