Fedora 44 : composer (2026-9b34a78e81)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9b34a78e81 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...

EUVD-2026-36397

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

PT-2026-47544

Description: Summary Poweradmin v4.4.0 is vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

SUSE CVE-2026-46255

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which automatically cleans these resources up, but these clocks are also manual...

CVE-2026-46255

A flaw was found in the Linux kernel's fsl-edma driver. This vulnerability occurs because the driver attempts to explicitly disable clocks during its removal process, even though these resources are automatically managed. This redundant action can lead to warnings being generated during driver...

CVE-2026-46255

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which automatically cleans these resources up, but these clocks are also manual...

CVE-2026-46255

Summary: CVE-2026-46255 affects the Linux kernel fsl-edma driver (dmaengine). The issue arises because clocks allocated/enabled with devm_clk_get_enabled() are automatically cleaned up, but fsl_edma_remove() explicitly disables them via fsl_disable_clocks(), causing warnings during driver removal...

CVE-2025-71314

In the Linux kernel, the drm/panthor component was updated to recover from panthor_gpu_flush_caches() failures that could block the memory subsystem. The fix introduces a reset path to recover when flush operations hang, and resets pending_reqs so new commands can be issued after a reset. If addi...

CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fsl-edma driver disabling clocks that were previously automatically managed by devmclkget. Th...

PT-2026-45985

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/panthor component where the memory subsystem can become blocked, causing flush operations to never complete. This state can be triggered by buggy GPU jobs...

PT-2026-46018

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the dmaengine fsl-edma component where clocks in fsl edma engine::muxclk are allocated and enabled using devm clk get enabled. This function automatically manages...

Linux Distros Unpatched Vulnerability : CVE-2026-46255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which...

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

SUSE-SU-2026:21882-1 Security update for nvidia-open-driver-G06-signed

This update for nvidia-open-driver-G06-signed fixes the following issues: - Get rid of "'naked' return found in MITIGATIONRETHUNK build" objtool warnings bsc1212841, bsc1263834 - update CUDA variant to 580.159.03 - update non-CUDA variant to 580.159.03 bsc1262749 - Fixes CVEs: CVE-2025-33221,...

Brave Desktop 1.90.128 Security Fixes

Updated wallet to handle more "Permit" type warnings in the "Sign" panel as reported on HackerOne by syarif07. - Fix wallet provider binding issue as reported on HackerOne by shinchan69. Upgraded Chromium to 148.0.7778.217 — refer to Google Chrome advisories for inherited CVEs...

SUSE CVE-2026-46085

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARNONONCE so that it can't be remotely trigger...

Malicious code in vectordb-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...

CLSA-2026-1779361233 java-1.8.0-openjdk: Fix of 7 CVEs

Update to shenandoah-jdk8u492-b09 - Security fixes from OpenJDK 8u492-b09: - CVE-2026-22007: enhance crypto algorithm support - CVE-2026-22013: improve Kerberos credentialing - CVE-2026-22016: enhance Path Factories Redux - CVE-2026-22018: enhance Zip file reading - CVE-2026-22021: enhance...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: hp-bioscfg: Fixed warnings regarding empty attribute names in kobjects. The hp-bioscfg driver attempts to register kobjects with empty names when the HP BIOS returns attributes with empty name strings. This causes...