PT-2026-41723
Name of the Vulnerable Software and Affected Versions: Summarize versions prior to 0.15.1. Description: A missing authorization issue allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. By using malicious page or...
CVE-2026-8770 continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Manipulation of the argument dirPath leads to path traversal. The attack must be carried out locally. The...
[BSA-134] Security Update for jq
ChangZhuo Chen uploaded new packages for jq which fixed the following security problems: CVE-2026-32316: jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append and jvp_string_copy_replace_bad functions, where concatenating strings...
SUSE-SU-2026:1899-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013). - CVE-2026-46300: net: skbuff: propagate shared-frag marker...
ROS-20260516-73-0002
A vulnerability in the RxRPC module of the Linux operating system kernel is related to writing outside buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...
CVE-2021-26380
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...
EUVD-2021-13186
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...
CVE-2021-26380
CVE-2021-26380 affects a compromised Trusted OS (TOS) driver. The vulnerability could allow a malformed call to cause memory access outside the intended range, potentially impacting system integrity. The base CVSS score is 1.8 (LOW) with local attack vector and high privileges required, and no us...
SUSE CVE-2026-43479
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect. Remove redundant netif_napi_del() call from disconnect path. A WARN may be triggered in __netif_napi_del_locked() during USB device disconnect: WARNING: CPU: 0 PID: 11 at...
PT-2026-41237
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...
PT-2026-41255
Name of the Vulnerable Software and Affected Versions: AMD, affected versions not specified. Description: An out-of-bounds write exists in the AMDGV CMD GET DIAG DATA ioctl handler. This issue could allow a local user to escalate privileges through remote code execution. Recommendations: At the moment...
CVE-2026-44661
CVE-2026-44661 affects python-utcp (utcp-http plugin) prior to v1.1.3. The vulnerability arises because register_manual() validates discovery URLs against an HTTPS/loopback allowlist, while call_tool()/call_tool_streaming() reuse tool_call_template.url without revalidation and the OpenAPI convert...
CVE-2026-26062 Fleet server may terminate unexpectedly when handling certain gRPC requests
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...
Use of Inherently Dangerous Function
Overview: Affected versions of this package are vulnerable to Use of Inherently Dangerous Function via the PQfn function when called with result_is_int=0 in the lo_export, lo_read, lo_lseek64, and lo_tell64 functions. An attacker can overwrite client stack memory with arbitrary data by sending a special...
CVE-2026-44441
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...
CVE-2026-8328
The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...
UBUNTU-CVE-2026-8328
The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...