CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIGCFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type...

Dirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPC

Unpatched kernel flaw chain CVE-2026-43284, CVE-2026-43500 enables root escalation on major Linux distributions...

CVE-2026-43284

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag mitigation script This script: 1. Block...

CVE-2026-43941

Electerm CVE-2026-43941 affects version 3.8.15 and earlier. The terminal hyperlink handler forwards any URL clicked in the terminal directly to shell.openExternal without protocol validation. An attacker controlling terminal output (e.g., via a malicious SSH server, compromised remote host, or ma...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the VCN poison interrupt for VCNv2.5 is not enabled, but attempts to operate when i...

PT-2026-39130

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the xprtrdma component where the rpcrdma post recvs function fails to decrement the re receiving variable on early exit paths, such as during memory allocation failure...

Server-side Request Forgery (SSRF)

Overview utcp-http is an UTCP communication protocol plugin for HTTP, SSE, and streamable HTTP, plus an OpenAPI converter. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the calltool and calltoolstreaming functions when attacker-controlled URLs from OpenA...

vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak

Summary vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library paths, and...

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

PT-2026-38596

OpenStack Cyborg before 16.0.1 uses rule:allow check str='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can comple...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

CVE-2026-31195

The ping diagnostic handler in /bin/httpdclientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

CVE-2026-43173

A flaw was found in the Linux kernel. A local user can trigger a NULL pointer dereference in the ixp4xxgettsinfo function within the network ethernet xscale driver. This occurs because ixp46xptpfind is unconditionally called, even on systems that do not support the ixp46x PTP feature. Successful...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 "Copy Fail" - Advanced LPE Proof-of-Concept -...

WordPress Zingaya Click-to-Call plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Julian Chibuike Nwadinobi Wackydawg - streamio in WordPress Plugin Zingaya Click-to-Call versions = 1.0...

Insights into the clustering and reuse of phone numbers in scam emails

Cisco Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise IOC. In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails. According to Talos' observations, the ease of API-driven...

AgentTrust: Runtime Safety Evaluation and Interception for AI Agent Tool Use

Modern AI agents execute real-world side effects through tool calls such as file operations, shell commands, HTTP requests, and database queries. A single unsafe action, including accidental deletion, credential exposure, or data exfiltration, can cause irreversible harm. Existing defenses are...

PT-2026-37489

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net: wan/fsl ucc hdlc component where priv-rx buffer and priv-tx buffer are allocated together as contiguous buffers in the uhdlc init function but are incorrectly...