8441 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-23237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that...
USN-8077-1: Bleach vulnerabilities
It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...
CVE-2026-2355
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template attribute of the my_calendar_upcoming shortcode in all versions up to, and including, 3.7.3. This is due to the use of stripcslashes on user-supplied shortcode attribute...
SUSE CVE-2026-23235
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005499)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005499 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCB_ATTR_BCN The dcbnl_bcn_setcfg uses erroneous policy to...
CVE-2026-29086
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...
CVE-2026-29086
In IBM advisories, CVE-2026-29086 affects the Hono web framework used by IBM App Connect Enterprise containers. Prior to 4.12.4, setCookie() did not validate semicolons, carriage returns, or newlines in domain and path when constructing Set-Cookie, enabling potential cookie-attribute injection. T...
CVE-2026-29086 Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...
EUVD-2026-9508
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie...
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()
Summary The setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if...
GHSA-5PQ2-9X2X-5P6W Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()
Summary The setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if...
EUVD-2026-9407
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...
EUVD-2026-9409
In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...
CVE-2026-23235
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...
UBUNTU-CVE-2026-23237
In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...
UBUNTU-CVE-2026-23235
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...
CVE-2026-23237
CVE-2026-23237 affects the Linux kernel, specifically the platform/x86 classmate-laptop driver. The issue arises when sysfs attributes of the input device are accessed before the driver has stored the input device address, causing NULL pointer dereferences via dev_get_drvdata(&inputdev->dev) i...
CVE-2026-23237
In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...
CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...