CVE-2026-46152

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

CVE-2026-47674

Summary of CVE-2026-47674 : In Hono, the ip-restriction middleware (hono/ip-restriction) evaluates deny/allow rules by string equality after partial normalization. Before version 4.12.21, non-canonical IPv6 representations (e.g., compressed forms, explicit-zero forms, or hex-notation IPv4-mapped ...

CVE-2026-47674 Hono: IP Restriction bypasses static deny rules for non-canonical IPv6

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

UBUNTU-CVE-2026-46152

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

EUVD-2026-32779

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

CVE-2026-46152

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

CVE-2026-6937

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

CVE-2026-6937 Appointment Booking Calendar <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification via Bulk Appointments REST API Endpoint

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

CVE-2026-6937

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

EUVD-2026-32747

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

CVE-2026-42782

Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects...

PT-2026-44414

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21 Description The ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

PT-2026-44275

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A race condition exists in the ieee80211 invoke fast rx function within the mac80211 wireless driver. The rx result variable...

CVE-2026-48066

pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

EUVD-2026-32648

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

Directory Traversal

Overview taipy is an A 360° open-source platform from Python pilots to production-ready web apps. Affected versions of this package are vulnerable to Directory Traversal via the ElementLibrary.getresource function. An attacker can access files outside the intended directory by sending crafted GET...

EUVD-2026-32334

In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcsaddgpiofunc ofparsephandlewithargs returns a devicenode pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a...

UBUNTU-CVE-2026-45947

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo, resulting in a memory leak. Fix this by...

angr 9.2.219

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...