
7061 matches found

OSV
added 2026/03/25 4:22 p.m. | 3 views

USN-8123-1 mbedtls vulnerabilities

It was discovered that Mbed TLS incorrectly handled memory allocation failures. A remote attacker could possibly use this issue to crash the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-44732 Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted...

CVSS 9.8 | AI score 6.1 | EPSS 0.02569
Exploits: 4 | References: 8

RedhatCVE
added 2026/03/25 2:36 p.m. | 1 view

CVE-2026-4718

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the WebRTC: Signaling component...

CVSS 8.1 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/25 2:35 p.m. | 2 views

CVE-2026-4705

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the WebRTC: Signaling component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00418
Exploits: 0 | References: 5

EUVD
added 2026/03/25 12:30 p.m. | 5 views

EUVD-2026-15378

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing. struct bpf_plt contains a u64 target field. Currently, the BPF JIT allocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT buffer. Because the ba...

AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 5

EUVD
added 2026/03/25 12:30 p.m. | 3 views

EUVD-2026-15293

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: validate open interval overlap. Upstream commit 648946966a08e4cb1a71619e3d1b12bd7642de7b. Open intervals do not have an end element, in particular an open interval at the end of the set is hard to validate...

AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 2

SUSE CVE
added 2026/03/25 11:52 a.m. | 6 views

SUSE CVE-2026-4724

Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

CVSS 5 | AI score 7.2 | EPSS 0.00388
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/25 11:16 a.m. | 3 views

CVE-2026-4724

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the Audio/Video component...

CVSS 9.1 | AI score 5.7 | EPSS 0.00388
Exploits: 0 | References: 4

CVE
added 2026/03/25 10:28 a.m. | 13 views

CVE-2026-23386

CVE-2026-23386 concerns the Linux kernel gve driver in QPL mode, where gve_tx_clean_pending_packets() could misinterpret the dma_addr_t array as buffer IDs, causing out-of-bounds/unmap errors. The root cause was an improper buffer cleanup path in gve_tx_clean_pending_packets() that could referenc...

CVSS 5.5 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/03/25 10:28 a.m. | 20 views

CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing. struct bpf_plt contains a u64 target field. Currently, the BPF JIT allocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT buffer. Because the ba...

CVSS 7.8 | EPSS 0.00129
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/25 10:27 a.m. | 2 views

CVE-2026-23373

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config. This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected behavior from the driver - other drivers default to 0 too...

AI score 5.7 | EPSS 0.00114
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/25 10:27 a.m. | 6 views

CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: validate open interval overlap. Upstream commit 648946966a08e4cb1a71619e3d1b12bd7642de7b. Open intervals do not have an end element, in particular an open interval at the end of the set is hard to validate...

AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 4

Debian CVE
added 2026/03/25 10:27 a.m. | 4 views

CVE-2026-23329

In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported. The libie_fwlog_deinit() function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: 148.576156 Oops: Oops: 0000 1 SMP...

CVSS 5.5 | AI score 5.2 | EPSS 0.00121
Exploits: 0

OSSF Malicious Packages
added 2026/03/25 1:23 a.m. | 5 views

Malicious code in torchunmix (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bee332cb141dec3033a9c1590cfb3df81e7dfa66dd4a4ce0072ccc92f9301891 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0 | References: 1

CNNVD
added 2026/03/25 12:0 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from repeated calls to interrupt callback functions. This vulnerability may lead to warnings and...

CVSS 5.5 | AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 6

OPENSUSE Linux
added 2026/03/25 12:0 a.m. | 6 views

Security update for mumble (low)

openSUSE security update: security update for mumble. Announcement ID: openSUSE-SU-2026:20394-1; Rating: low; References: bsc1259721; Cross-References: CVE-2025-71264; Affected Products: openSUSE Leap 16.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 1

CVE
added 2026/03/24 8:44 p.m. | 5 views

CVE-2026-3912

CVE-2026-3912 affects TIBCO ActiveMatrix BusinessWorks and Enterprise Administrator. The issue is an injection vulnerability arising from validation/sanitisation gaps for user-supplied input, leading to information disclosure (including accessible local files and host system details) and potentia...

CVSS 8.7 | AI score 5.7 | EPSS 0.00333
Exploits: 0 | References: 1

CVE
added 2026/03/24 5:22 p.m. | 11 views

CVE-2026-33157

Craft CMS 5.x (5.6.0–5.9.12) is vulnerable to authenticated Remote Code Execution via malicious attached behavior, due to unsanitized fieldLayouts in ElementIndexesController::actionFilterHud() feeding FieldLayout::createFromConfig(). The bug chain bypasses a prior fix that cleansed inputs with ...

CVSS 8.6 | AI score 5.8 | EPSS 0.0102
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/24 5:22 p.m. | 3 views

CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RCE) vulnerability exists in Craft CMS; it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...

CVSS 8.6 | AI score 5.8 | EPSS 0.0102
Exploits: 1 | References: 3

OSV
added 2026/03/24 5:22 p.m. | 1 view

CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RCE) vulnerability exists in Craft CMS; it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...

CVSS 8.6 | AI score 5.8 | EPSS 0.0102
Exploits: 1 | References: 5

EUVD
added 2026/03/24 4:50 p.m. | 4 views

EUVD-2026-14934

Craft CMS is Vulnerable to Authenticated Remote Code Execution via Malicious Attached Behavior...

CVSS 8.6 | AI score 5.9 | EPSS 0.0102
Exploits: 1 | References: 5