Important: kernel-livepatch-6.1.168-202.320

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.1.168-202.320 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel6.18

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel6.18 Issue Correction: Run dnf update kernel6.18 --releasever 2023.11.20260526 or dnf updat...

KLA91068 ACE vulnerability in Microsoft Office

A remote code execution vulnerability was found in Microsoft Office. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2026-45659 Exploitation Related products Microsoft-SharePoint CVE list CVE-2026-45659 critical KB list 5002863 5002868 5002870...

PT-2026-36993

Name of the Vulnerable Software and Affected Versions The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder versions prior to 1.15.43 Description Insufficient escaping of user-supplied parameters and a lack of proper preparation in SQL queries allow unauthenticated attackers ...

Important: kernel-livepatch-6.12.74-98.124

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...

PT-2026-38129

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An object lifecycle issue in V8 allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. An out-of-bounds memory read occurs when a program reads...

Medium: openssl-snapsafe

Issue Overview: NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NULL dereference when processing CMS KeyTransportRecipientInfo...

April 14, 2026—KB5082142 (OS Build 20348.5020)

April 14, 2026—KB5082142 OS Build 20348.5020 This cumulative update for Windows Server 2022 KB5082142, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates, optiona...

April 14, 2026—KB5082052 (OS Build 22631.6936)

April 14, 2026—KB5082052 OS Build 22631.6936 ​​​​​This cumulative update for Windows 11, version 23H2 KB5082052, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security update...

Important: dotnet8.0

Issue Overview: Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-26130 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.10.20260330 or dnf update --advisory...

Fedora 42 : rustup (2026-609bc373aa)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-609bc373aa advisory. Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin

Security Advisory — Code Study Plugin Summary An authenticated user may be able to execute arbitrary code in the Code Study Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Code Study Plugin, an authenticated user could...

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an...

March 10, 2026—KB5078766 (OS Build 20348.4893)

March 10, 2026—KB5078766 OS Build 20348.4893 This cumulative update for Windows Server 2022 KB5078766, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates, optiona...

Important: python-pillow

Issue Overview: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-25990 Affected Packages: python-pillow Issue Correction: Run dnf update python-pillo...

Important: postgresql16

Issue Overview: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before...

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. Th...

Medium: wireshark

Issue Overview: MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service CVE-2025-11626 Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service CVE-2025-13499 BPv7 dissector crash in Wireshark 4.6.0 allows denial of servi...

Medium: libpng

Issue Overview: Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become...

Important: kmod-nvidia-latest-dkms

Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of servic...