NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

Joomla! Percha Categories Tree 0.6 - Local File Inclusion

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2033 info: name:...

ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection

ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...

SUSE CVE-2026-46251

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

SUSE CVE-2026-46269

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: 0.732084 Unable to handle kernel NULL point...

CVE-2026-46251

A flaw was found in the Linux kernel's Btrfs filesystem. When the EXTENTTREEV2 incompatibility flag is enabled, the block group tree's dirty list can become corrupted. This corruption occurs because the block group tree is incorrectly added to a commit list while already being tracked, leading to...

CVE-2026-46251

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

EUVD-2026-34131

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: 0.732084 Unable to handle kernel NULL point...

CVE-2026-46269

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: 0.732084 Unable to handle kernel NULL point...

CVE-2026-46269

The CVE-2026-46269 issue affects the Linux kernel pinctrl driver for canaan k230. A NULL pointer dereference occurs during devicetree parsing in k230_pinctrl_parse_functions() when info->pctl_dev is still NULL, causing an invalid access to info->pctl_dev->dev. The root cause is using inf...

EUVD-2026-34113

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

CVE-2026-46251 btrfs: fix block_group_tree dirty_list corruption

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

CVE-2026-46251

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

CVE-2026-46251

The CVE-2026-46251 issue is a Linux kernel Btrfs vulnerability where, when EXTENT_TREE_V2 is enabled, the block_group_tree may be added to switch_commits while still on the dirty_list, causing invalid list manipulation and corruption of block_group_root->dirty_list. This corruption can propaga...

Linux Distros Unpatched Vulnerability : CVE-2026-45874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclkpad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not...

Linux Distros Unpatched Vulnerability : CVE-2026-46251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list...

Security update for tree-sitter (important)

openSUSE security update: security update for tree-sitter ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20863-1 Rating: important References: bsc1265300 Cross-References: CVE-2026-44216 CVSS scores: CVE-2026-44216 SUSE : 7.5...

PT-2026-46032

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the k230 pinctrl driver during the probing process when parsing the devicetree. The issue arises within the k230 pinctrl parse functions function,...

Linux Distros Unpatched Vulnerability : CVE-2026-46194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from...

NLLog: Lightweight, Explainable SOC Anomaly Detection Via Log-To-Language Rewriting

System-generated logs underpin security monitoring, yet their rigid template-based format hinders both automated analysis and human comprehension. We present NLLog Natural-Language Log, a lightweight pipeline that deterministically rewrites parsed templates into WHO-WHAT-SEVERITY sentences, pools...