PT-2026-27741
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the nvmet-fcloop component. Specifically, a missing check for the remoteport port state before invoking the done callback in nvme_fc_handle_ls_rqs...
PT-2026-6131
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the kvaser_usb module. Specifically, the issue occurs within the kvaser_usb_read_bulk_callback function when handling USB-in transfers. The URB...
PT-2026-27672
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue within the ems_usb_read_bulk_callback function related to handling USB URB data lengths. The function incorrectly uses the size of the buffer passed to...
PT-2026-6164
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The uacce module, which supports device isolation, creates sysfs files if the driver implements the isolate_err_threshold_read and isolate_err_threshold_write callback functions. Users c...
PT-2026-6145
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the esd_usb_read_bulk_callback function. This issue occurs because the USB framework unanchors URBs before the completion function is called,...
PT-2026-8159
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the rocker module within the Linux kernel, specifically within the rocker_world_port_post_fini function. When ports are removed, memory allocated for rocker...
PT-2026-27689
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the handling of USB URB (USB Request Block) anchoring within the etas_es58x CAN (Controller Area Network) driver. Specifically, the read bulk callback lacked proper anchorin...
PT-2026-6128
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the ems_usb_read_bulk_callback function. This issue occurs because the USB framework unanchors URBs before the completion function is called,...
SUSE CVE-2022-50820
In the Linux kernel, the following vulnerability has been resolved: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init(). dmc620_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_multi_state() in fail path. Simil...
SUSE CVE-2023-54193
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: remove block_cb from driver_list before freeing. Error handler of tcf_block_bind() frees the whole bo->cb_list on error. However, by that time the flow_block_cb instances are already in the driver list because driver...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992830)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992830 advisory. In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb. Syzbot reported use-after-free Read in ath9k_hif_usb_rx...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992894)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992894 advisory. In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug. Consider a scenario where a CPU transitions from...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993276)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993276 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall. Before calling nfsd4_run_cb to queue dl_recall to the...
SUSE-SU-2026:20054-1 Security update for capstone
This update for capstone fixes the following issues: - CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow (bsc#1255309). - CVE-2025-68114: unchecked vsnprintf return value can lead to a stack buffer overflow (bsc#1255310)...
Cross-site Scripting (XSS)
Overview: yourls/yourls is a set of PHP scripts that allow you to run Your Own URL Shortener. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the callback and jsonp request parameters, which are concatenated into the response without proper sanitization. An...
EUVD-2025-205842
YOURLS is vulnerable to XSS through JSONP and Callback request parameters
Summary: The callback and jsonp request parameters are directly concatenated into the response without any sanitization, allowing attackers to inject arbitrary JS code. When YOURLS_PRIVATE is set to false (public API mode), this vulnerability can be exploited by any unauthenticated attacker. In...
GHSA-6MP4-Q625-MXJP YOURLS is vulnerable to XSS through JSONP and Callback request parameters
Summary: The callback and jsonp request parameters are directly concatenated into the response without any sanitization, allowing attackers to inject arbitrary JS code. When YOURLS_PRIVATE is set to false (public API mode), this vulnerability can be exploited by any unauthenticated attacker. In...
EUVD-2022-55854
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback. With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sur...
EUVD-2022-55878
In the Linux kernel, the following vulnerability has been resolved: perf/arm_dmc620: Fix hotplug callback leak in dmc620_pmu_init(). dmc620_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_multi_state() in fail path. Simil...