EUVD-2026-27548

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

CVE-2026-43239

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in -queryinterfaces It was possible for two query interface works to be concurrently trying to update the interfaces. Prevent this by checking and updating ifacelastupdate under ifacelock...

CVE-2026-43282

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionicqueryport The function ionicqueryport calls ibdevicegetnetdev without checking the return value which could lead to NULL pointer dereference, Fix it by checking the retur...

CVE-2026-43282

CVE-2026-43282 affects the Linux kernel, specifically the RDMA ionic driver. The issue is in ionic_query_port(), which calls ib_device_get_netdev() without validating the return value, risking a NULL pointer dereference. The documented fix is to check the returned netdev and return -ENODEV if it ...

CVE-2026-43239

The CVE-2026-43239 issue concerns the Linux kernel SMB client where two concurrent operations could race while updating network interfaces via query_interfaces(), risking an inconsistent state. The root cause is improper synchronization of iface_last_update under iface_lock. Public advisories con...

CVE-2026-43239 smb: client: prevent races in ->query_interfaces()

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in -queryinterfaces It was possible for two query interface works to be concurrently trying to update the interfaces. Prevent this by checking and updating ifacelastupdate under ifacelock...

CVE-2026-43239

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in -queryinterfaces It was possible for two query interface works to be concurrently trying to update the interfaces. Prevent this by checking and updating ifacelastupdate under ifacelock...

CVE-2026-43239

In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in -queryinterfaces It was possible for two query interface works to be concurrently trying to update the interfaces. Prevent this by checking and updating ifacelastupdate under ifacelock...

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

CVE-2026-43178

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

CVE-2026-43178 procfs: fix possible double mmput() in do_procmap_query()

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

CVE-2026-43178

In the Linux kernel, the procfs component has a vulnerability in do_procmap_query() that can trigger a double mmput() of an mm_struct when a user passes an incorrectly sized buffer for PROCMAP_QUERY's build ID. The root cause is a change that defers cleanup after unlocking mmap_lock and per-VMA, ...

CLSA-2026-1772575666 containernetworking-plugins: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory...

Improperly Controlled Modification Of Dynamically-Determined Object Attributes

Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...

SUSE CVE-2026-43034

In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ionicqueryport function not checking the return value of ibdevicegetnetdev, potentially leading to...

PT-2026-37518

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the procfs component within the do procmap query function. When a user provides an incorrectly sized buffer for the build ID during a PROCMAP QUERY, the system returns a...

PT-2026-37539

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5e ipsec init macs by replacing mlx5 query mac address with ether addr copy to get the local MAC address directly from...

PT-2026-38081

A SQL injection vulnerability in FilterEngine.create sqla query allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint GET /dids//dids/search. On Oracle deployments attacker-controlled filter keys and values are interpolated...

📄 MikroORM 7.0.5 SQL Injection

MikroORM versions 7.0.5 and below suffer from a remote SQL injection vulnerability. CVE-2026-43220 MikroORM SQL Injection ★ CVE-2026-43220 MikroORM SQL Injection PoC ★ https://github.com/user-attachments/assets/33724cfc-6151-47ff-9415-2f50c5124cd1 Overview CVE-2026-43220 is a SQL Injection...