PT-2026-48496

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...

SUSE CVE-2026-46304

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

UBUNTU-CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

CVE-2026-46295

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A race condition in the Advanced Programmable Interrupt Controller APIC interrupt handling can lead to an incorrect state during interrupt synchronization. This issue, occurring between a sender and target virtual...

CVE-2026-46297

A flaw was found in the Linux kernel's libwx network driver. Incorrect handling of virtual function VF miscellaneous interrupts, specifically using requestthreadedirq with a null threaded handler and the IRQFONESHOT flag, can trigger a kernel warning. This issue may lead to system instability or...

CVE-2026-46304

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

CVE-2026-46304

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

CVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

CVE-2026-46304

The CVE-2026-46304 issue concerns the Linux kernel nvmet subsystem. The problem arises when nvmet_tcp_release_queue_work() runs on the nvmet-wq and can drop the final controller reference via nvmet_cq_put(), potentially triggering nvmet_ctrl_free() and flushing ctrl->async_event_work on the sa...

CVE-2026-46279

The CVE-2026-46279 issue in the Linux kernel is in mm/alloc_tag: pages allocated before page_ext initialization may have an uninitialized codetag, triggering warnings when freed under certain configs. The fix implements a global array (8192 entries) to track pages allocated before page_ext is ful...

CVE-2026-50571

creationtimestamp| type| source ---|---|--- 2026-06-08 12:27:23+00:00| seen| https://www.cert.at/de/warnungen/2026/6/angriffe-gegen-checkpoint-vpn-losungen-hotfix-verfugbar...

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

PT-2026-47359

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylink connect phy during probe and phylink disconnect phy during remove. It caused an RTNL assertion warning in...

PT-2026-47369

In the Linux kernel, the following vulnerability has been resolved: net: libwx: use request irq for VF misc interrupt Currently, request threaded irq is used with a primary handler but a NULL threaded handler, while also setting the IRQF ONESHOT flag. This specific combination triggers a WARNING...

PT-2026-47371

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus fill super hfsplus fill super calls hfs find init to initialize a search structure, which acquires tree-tree lock. If the subsequent call to hfsplus cat build key fails, the function jumps ...

PT-2026-47351

In the Linux kernel, the following vulnerability has been resolved: mm/alloc tag: clear codetag for pages allocated before page ext initialization Due to initialization ordering, page ext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed...

PT-2026-47375

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NVMe target controller teardown process where a recursive workqueue flush can occur. Specifically, the nvmet tcp release queue work function runs on the nvmet-wq...

MINI-4J2C-R7FF-FX8H

Bulletin has no description...

SUSE CVE-2026-46265

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQMEMRECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQMEMRECLAIM xprtiod:xprtrdmaconnectworker rpcrdma is flushing !WQMEMRECLAIM...