CVE-2026-46224

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xedmabufinitobj on allocation failure When drmgpuvmresvobjectalloc fails, the pre-allocated storage bo is not freed. Add xebofreestorage before returning the error. xedmabufinitobj calls xeboinitlocked, whi...

CVE-2026-46224

The CVE-2026-46224 entry concerns the Linux kernel drm/xe subsystem: a leaked buffer object (bo) in xe_dma_buf_init_obj() during allocation failure. The fix ensures that when drm_gpuvm_resv_object_alloc() fails, storage is freed via xe_bo_free(storage); since xe_dma_buf_init_obj() already frees t...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed an issue where inode lists were leaked during backref walking in findparentnodes. During backref walking, when findparentnodes is called, if we are dealing with a data extent and an error occurs while resolving...

SUSE CVE-2025-71271

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb-sfsinfo is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are received using GRO with a fraglist, they may be segmented later on and continue their journey within the stack. In skbSegmentlist, these segments can be reused as they are. This is a...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtvchannelsiinit creates a temporary list program, service, event and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through...

CVE-2026-39355 Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

CVE-2026-39355

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

CVE-2026-39355

CVE-2026-39355 affects the Genealogy PHP application. Before version 5.9.1, a broken access control in TeamController::transferOwnership() lets any authenticated user transfer ownership of arbitrary non-personal teams to themselves, enabling takeover of team workspaces and access to associated da...

EUVD-2026-19865

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

PT-2026-30977

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

Genealogy 安全漏洞

Genealogy is a family tree PHP application developed by the creators of KREAWEB.be. Versions of Genealogy prior to 5.9.1 contained security vulnerabilities; these vulnerabilities stemmed from access control issues, which could allow arbitrary non-personal team ownership to be transferred...

CVE-2026-33650

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

EUVD-2026-14488

AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion...

Incorrect Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Incorrect Authorization in the authorization for video management operations. An attacker can gain unauthorized access to modify or delete any video, alter content...

GHSA-8X77-F38V-4M5J AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Summary A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes Active, Inactive, Unlisted. The roo...

AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Summary A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes Active, Inactive, Unlisted. The roo...

CVE-2026-33650

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...

CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...