CVE-2026-46294 dm: fix a buffer overflow in ioctl processing

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrievestatus: 1. The code in retrievestatus checks that the output string fits into the output buffer a...

OPENSUSE-SU-2026:20923-1 Security update for apache-pdfbox

This update for apache-pdfbox fixes the following issues: Update to version 2.0.36. Security issues fixed: - CVE-2026-33929: path traversal in the ExtractEmbeddedFiles example code can lead to arbitrary file writes bsc1262046. Other updates and bugfixes: - Version 2.0.36: - XMPBox removes...

SUSE-SU-2026:22062-1 Security update for libzypp

This update for libzypp fixes the following issue Version 17.38.12 35: - CVE-2026-44941: path traversal via "keyhint" bsc1267426...

Important: Red Hat Security Advisory: Multicluster Global Hub 1.7.1 security update

Multicluster Global Hub v1.7.1 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse

Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk...

PT-2026-47373

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A flaw in the SELinux component allows only a single open of the '/sys/fs/selinux/policy' endpoint at any time. This...

PT-2026-47600

Name of the Vulnerable Software and Affected Versions netty-handler versions prior to 4.1.135.Final netty-handler versions prior to 4.2.15.Final Description An incorrect masking operation in the compareTo function of the IpSubnetFilterRule class allows an attacker to bypass IPv6 subnet rules...

PT-2026-47275

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOM Helpers::deserialize block attributes' method converting unicode-encoded...

PT-2026-47285

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

RHEL 9 : rhc (RHSA-2026:24337)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24337 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security...

TencentOS Server 4: giflib (TSSA-2026:0421)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0421 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

PT-2026-47289

Finally !!! - CVE-2026-50168 Angular 100k⭐️ https://t.co/gCwvYlXpR0 BugBounty GoogleVRP https://t.co/ViwfEVlp4R...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1817)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1817 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files CVE-2025-39901 In the Linux kernel, the following vulnerability has been resolved:...

Amazon Linux 2 : capstone, --advisory ALAS2-2026-3351 (ALAS-2026-3351)

The version of capstone installed on the remote host is prior to 3.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3351 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a...

Debian dla-4621 : glibc-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4621 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4621-1 [email protected]...

Linux Distros Unpatched Vulnerability : CVE-2026-46279

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively lat...

TencentOS Server 3: kernel (TSSA-2026:0417)

"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0417 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilitie...

Server-side Request Forgery (SSRF)

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via...

Amazon Linux 2023 : perl-YAML-Syck, perl-YAML-Syck-tests (ALAS2023-2026-1769)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1769 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When...

AlmaLinux 10 : kernel (ALSA-2026:18134)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:18134 advisory. kernel: tcpbpf: Fix the skmemuncharge logic in tcpbpfsendmsg CVE-2024-56633 kernel: KVM: x86: Load DR6 with guest value only before entering .vcpurun lo...