CVE-2026-44194 OPNsense: RCE on user managment

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...

CVE-2026-44194

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...

CVE-2026-44194

The CVE-2026-44194 entry describes an authenticated RCE in OPNsense prior to version 26.1.8. The vulnerability arises in the local user synchronization flow (core/src/opnsense/scripts/auth/sync_user.php), where input validation can be bypassed by crafting a payload that looks like a valid email a...

CVE-2026-43483 KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

SUSE CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

SUSE CVE-2026-43326

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

SUSE CVE-2026-43426

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: fix use-after-free in ISR during device removal In usbhsremove, the driver frees resources including the pipe array while the interrupt handler usbhsinterrupt is still registered. If an interrupt fires after...

Deciso OPNsense 操作系统命令注入漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.8 contained an operating system command injection vulnerability. This vulnerability stemmed from the local user synchronization process, where attackers could...

ROS-20260513-73-0011

Vulnerability in python-django related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

PT-2026-40827

Name of the Vulnerable Software and Affected Versions OPNsense versions prior to 26.1.8 Description An authenticated Remote Code Execution issue in the core of this FreeBSD-based firewall and routing platform allows a user with user-management privileges to execute arbitrary system commands as...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper setting or clearing of CR8 write interception when AVIC is activated. This vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-43324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy- hcd driver. The error has a somewhat involved history...

EUVD-2026-29607

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

CVE-2026-34342

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...

Windows Print Spooler Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...

CVE-2026-22925

CVE-2026-22925 affects Siemens SIMATIC CN 4100 (all versions

CVE-2026-22925

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by...

SUSE CVE-2026-43324

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat involved history. The synchronization mechanism was introduced by commit 7dbd8f4cabd9...

Relay Server 安全漏洞

Relay Server is an open-source system by System 3 that supports offline collaborative real-time document synchronization. There were security vulnerabilities in the Relay Server versions 0.9.0 to 0.9.6. These vulnerabilities stemmed from WebSocket endpoints for multiple documents, where WebSocket...

PT-2026-40164

Name of the Vulnerable Software and Affected Versions Windows Ancillary Function Driver for WinSock affected versions not specified Description A race condition occurs in the Windows Ancillary Function Driver for WinSock due to improper synchronization when using a shared resource. This allows an...