GHSA-VXVC-CG7J-RWQJ gittuf's policy can be rolled back to prior valid versions

Summary An attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. Impact gittuf determines the policy to load by inspecting the RSL. Except for the very first policy which is automatically...

EUVD-2026-28304

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

CVE-2026-6278

creationtimestamp| type| source ---|---|--- 2026-05-07 02:20:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mla5prthjg2v...

SUSE CVE-2026-43106

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefilescull The patch mentioned below changed cachefilesburyobject to expect 2 references to the 'rep' dentry. Three of the callers were changed to use startremovingdentry which tak...

SUSE CVE-2026-43179

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system...

SUSE CVE-2026-43193

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4file refcount leak in nfsdgetdirdeleg Claude pointed out that there is a nfs4file refcount leak in nfsdgetdirdeleg. Ensure that the reference to "fp" is released before returning...

SUSE CVE-2026-43270

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtkmdpremove In mtkmdpprobe, vpugetplatdevice increases the reference count of the returned platform device. Add platformdeviceput to prevent reference leak...

CVE-2026-43270

A flaw was found in the Linux kernel's media: mtk-mdp module. A reference leak occurs because the vpugetplatdevice function increases a reference count that is not properly decreased by platformdeviceput in mtkmdpremove. This issue could potentially lead to resource exhaustion over time, which ma...

PT-2026-38615

Summary A stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...

GitPython 路径遍历漏洞

GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.48 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of reference paths during reference creation,...

RHEL 9 : freeipmi (RHSA-2026:14819)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:14819 advisory. The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI...

Linux Distros Unpatched Vulnerability : CVE-2026-43154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits in volume label handling Crafted EROFS images containing...

PT-2026-38581

Name of the Vulnerable Software and Affected Versions Microsoft Partner Center affected versions not specified Description An externally controlled reference to a resource in another sphere allows an unauthorized attacker to perform spoofing over a network. Recommendations At the moment, there is...

PT-2026-38414

Name of the Vulnerable Software and Affected Versions gittuf versions prior to 0.14.0 Description An attacker with push access to the Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. This occurs because gittuf determines the...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...

MiracleLinux 8 : java-17-openjdk-17.0.19.0.10-1.el8 (AXSA:2026-552:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-552:05 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

Linux Distros Unpatched Vulnerability : CVE-2026-43106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefilescull The patch mentioned below change...

Linux Distros Unpatched Vulnerability : CVE-2026-43177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the...

CGA-RX9X-25F6-MVC3

Bulletin has no description...

GHSA-9W9C-9W8M-W89Q ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data

Summary GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps belonging to any other namespace...