EUVD-2026-40061

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/modroom/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack m...

CVE-2026-13555

The CVE-2026-13555 entry affects itsourcecode Online Hotel Management System 1.0. Affected component: /admin/mod_users/controller.php?action=add. Description indicates that manipulating the Name parameter yields SQL injection, exploitable remotely. Public exploit exists (proof-of-concept level). ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fixed an issue where double cleanup was performed in case of a failure in devmaddactionorreset. When devmaddactionorreset fails, it calls the passed cleanup function. Therefore, the caller must not repeat that cleanu...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...

EUVD-2026-36552

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from cleanup operations that run on uninitialized kobject objects when the devmaddactionorreset functi...

PT-2026-37536

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the pruss clk mux setup function. The devm add action or reset function indirectly triggers pruss of free clk provider, which executes of node putclk mux np...

CVE-2026-7319

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function getcontextfilepath of the file src/executionsystemmcp/server.py of the component addaction Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely...

CVE-2026-7319 elinsky execution-system-mcp add_action Tool server.py _get_context_file_path path traversal

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function getcontextfilepath of the file src/executionsystemmcp/server.py of the component addaction Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely...

CVE-2026-7319

CVE-2026-7319 affects elinsky execution-system-mcp 0.1.0. The vulnerability is in the function _get_context_file_path (src/execution_system_mcp/server.py, add_action Tool), where improper handling of the context argument enables path traversal. Attack can be initiated remotely; the exploit has be...

CVE-2026-23387

In the Linux kernel, the following vulnerability has been resolved: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43pinprobe devmaddactionorreset already invokes the action on failure, so the explicit put causes a double-put...

CVE-2026-23387

The CVE-2026-23387 issue concerns the Linux kernel fix for a double-put in pinctrl/cirrus cs42l43 handling during cs42l43_pin_probe, caused by an explicit put after devm_add_action_or_reset() already performing an action on failure. Connected OSV entries (ROOT-OS-DEBIAN-13-CVE-2026-23387 and ROOT...

Azure Linux 3.0 Security Update: kernel (CVE-2024-38603)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38603 advisory. - In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993246)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993246 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drmdevinit drmdevinit will add drmdevinitrelease as a...

CVE-2025-40145

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

UBUNTU-CVE-2025-40145

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

CVE-2025-40145 PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

CVE-2025-40145 PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

kernel: tpm: Change to kvalloc() in eventlog/acpi.c

In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: 10.693310 T1 tpmtis STM0925:00: 2.0 TPM device-id 0x3, rev-id 0 10.848132 T1 ------------ cut here ------------ 10.853559 T1...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989475 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Free irq vectors in order for v3 HW If the driver probe fails to request the chann...