ROS-20260408-73-0007

A vulnerability in the fs/ntfs3/file.c component of the Linux kernel is related to mutual blocking of execution threads. Exploitation of the vulnerability allows an attacker to cause a denial of service...

OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Summary Before OpenClaw 2026.3.31, pending pairing-request caps were enforced per channel file instead of per account. On multi-account channel setups, requests from other accounts could fill the shared pending window and block new pairing challenges on an unaffected account. Impact This issue...

Linux Distros Unpatched Vulnerability : CVE-2026-35545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message...

Linux Distros Unpatched Vulnerability : CVE-2026-35542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a...

GHSA-2M67-WJPJ-XHG9 Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers

Summary Jackson Core 3.x does not consistently enforce StreamReadConstraints.maxDocumentLength. Oversized JSON documents can be accepted without a StreamConstraintsException in multiple parser entry points, which allows configured size limits to be bypassed and weakens denial-of-service...

Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers

Summary Jackson Core 3.x does not consistently enforce StreamReadConstraints.maxDocumentLength. Oversized JSON documents can be accepted without a StreamConstraintsException in multiple parser entry points, which allows configured size limits to be bypassed and weakens denial-of-service...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the enforcement of document length constraints in blocking, async, and DataInput parser processes. An attacker can cause excessive resource consumption by submitting oversized JSON...

EUVD-2026-18764

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads...

CVE-2026-31391

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads...

CVE-2026-31391

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads...

UBUNTU-CVE-2026-31391

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads...

CVE-2026-31391

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads...

CVE-2026-31391 crypto: atmel-sha204a - Fix OOM ->tfm_count leak

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM -tfmcount leak If memory allocation fails, decrement -tfmcount to avoid blocking future reads...

CVE-2026-35543

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics SVG content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...

CVE-2026-35545

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted e-mail message containing SVG Scalable Vector Graphics content. This bypass may lead to information disclosure or an access-control bypass, allowing the attacker ...

CVE-2026-35542

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email containing a malicious background attribute within a BODY element. This vulnerability may lead to unauthorized information disclosure or an access-control...

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can obtain sensitive information or bypass access controls by embedding specially crafted SVG content with animate attributes in an email...

EUVD-2026-18587

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

EUVD-2026-18593

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

EUVD-2026-18589

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...