CVE-2026-44551 Open WebUI: LDAP Empty Password Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

PT-2026-39083

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the legacy NCM driver within the gncm bind function. This issue arises because the driver attempts to access the net device before it is fully...

PT-2026-37396

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ip vs add service error path When ip vs bind scheduler succeeds in ip vs add service, the local variable sched is set to NULL. If ip vs start estimator subsequently fails, the out err cleanup calls ip vs...

EUVD-2026-25499

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: don't call cdevinit while cdev in use When calling unbind, then bind again, cdevinit reinitialized the cdev, even though there may still be references to it. That's the case when the /dev/hidg device is still...

CVE-2026-31479 drm/xe: always keep track of remap prev/next

In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: 413.361679 WARNING: drivers/gpu/drm/xe/xevm.c:1217 at vmbindioctlopsunwind+0x1e2/0x2e0 xe, CPU7: vkd3dqueue/9925 413.361944 CPU: 7 UID:...

RLSA-2026:1143 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting CVE-2025-38141 kernel: Linux kernel use-after-free in eventpoll CVE-2025-38349 kernel: drm/xe: Fix...

EUVD-2008-7241

Malware in sbrugna...

EUVD-2024-20884

Malicious code in bioql PyPI...

CVE-2008-7288

IBM Tivoli Directory Server TDS 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service server destabilization via an anonymous DIGEST-MD5 LDAP Bind operation...

DEBIAN-CVE-2025-21880

In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix EFAULT handling Currently we treat EFAULT from hmmrangefault as a non-fatal error when called from xevmuserptrpin with the idea that we want to avoid killing the entire vm and chucking an error, under the...

SUSE CVE-2025-21749

In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rosebind syzbot reported a soft lockup in roseloopbacktimer, with a repro calling bind from multiple threads. rosebind must lock the socket to avoid this issue...

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation...

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation...

CVE-2024-23380 Use After Free in Graphics

Memory corruption while handling user packets during VBO bind operation...

CVE-2024-23380 Use After Free in Graphics

Memory corruption while handling user packets during VBO bind operation...

CVE-2024-23380

CVE-2024-23380 is a memory corruption issue in Qualcomm’s graphics stack related to handling user packets during a VBO bind operation. The flaw is described as a local issue with high impact to confidentiality, integrity, and availability. The CVSS indicates local access with low attack complexit...

SUSE CVE-2014-2678

The rdsiwladdrcheck function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports...

SUSE CVE-2018-18559

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanoutadd from setsockopt and bind on an AFPACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain...

PT-2022-6733 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free flaw in the Linux kernel's PLP Rose functionality. This flaw occurs when a user triggers a race condition by calling bind while simultaneously...

DEBIAN-CVE-2018-18559

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanoutadd from setsockopt and bind on an AFPACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain...