476 matches found
CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...
CVE-2026-26223 SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area
SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...
CLSA-2026-1771412755 Update of alt-php
Update ca-certificates database to 20260210: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "Entrust Root Certification Authority" Certificate "ePKI Root Certification Authority" Certificate...
CLSA-2026-1771412648 Update of alt-php
Update ca-certificates database to 20260210: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "ePKI Root Certification Authority" - The following certificates were added: Certificate "TrustAsia...
CLSA-2026-1771412339 Update of ca-certificates
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...
CLSA-2026-1771411804 Update of ca-certificates
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...
CLSA-2026-1771411561 Update of ca-certificates
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...
kernel security update
6.12.0-124.38.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from failing to skip the rxnosta processing when the interface is not added. This could lead to warnin...
CLSA-2026-1771011008 Update of nss
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "ePKI Root Certification Authority" - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go...
CLSA-2026-1771009112 Update of nss
update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "ePKI Root Certification Authority" - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go...
PT-2026-27579
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.3 iPadOS versions prior to 26.3 macOS versions prior to Tahoe 26.3 Description An issue existed where an application could potentially access protected user data due to insufficient permissions restrictions...
CLSA-2026-1770707507 Fix CVE(s): CVE-2026-24515
SECURITY UPDATE: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: copy unknown encoding handler user data and add tests to cover effect - CVE-2026-24515...
kernel: ipv6: use RCU in ip6_output()
A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
kernel security update
5.14.0-611.30.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
CVE-2026-23044 PM: hibernate: Fix crash when freeing invalid crypto compressor
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When cryptoallocacomp fails, it returns an ERRPTR value, not NULL. The cleanup code in savecompressedimage and loadcompressedimage unconditionally calls...
osbuild-composer security update
149-4.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...
An AI plush toy exposed thousands of private chats with children
Bondu’s AI plush toy exposed a web console that let anyone with a Gmail account read about 50,000 private chats between children and their cuddly toys. Bondu's toy is marketed as: “A soft, cuddly toy powered by AI that can chat, teach, and play with your child.” What it doesn’t say is that anyone...
UBUNTU-CVE-2026-23039
In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...
CVE-2026-23039
The CVE-2026-23039 issue affects the Linux kernel DRM Gud (drm/gud) code path. On USB disconnect, drm_atomic_helper_disable_all() clears plane fb and crtc by setting them to NULL before a commit, which can trigger a kernel oops. The fix implements guards to prevent NULL dereferences when accessin...