677 matches found

RedhatCVE
added 2026/03/25 1:33 p.m., 1 view

CVE-2026-23382

A flaw was found in the Linux kernel's Human Interface Device (HID) drivers. This vulnerability occurs when raw event callbacks are processed for an unclaimed HID device, due to missing input validation checks. A local attacker, by connecting a specially crafted HID device, could trigger a NULL...

CVSS 5.5, AI score 5.7, EPSS 0.00114
Exploits 0, References 4
UbuntuCve
added 2026/03/25 11:16 a.m., 3 views

CVE-2026-23281

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter(). The lbs_free_adapter() function uses timer_delete() (non-synchronous) for both command_timer and tx_lockup_timer before the structure is freed. This is incorrect because timer_delete() does n...

CVSS 7.8, AI score 5.7, EPSS 0.00126
Exploits 0, References 8
OSV
added 2026/03/25 11:16 a.m., 3 views

UBUNTU-CVE-2026-23382

In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them. In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID...

CVSS 5.5, AI score 5.7, EPSS 0.00114
Exploits 0, References 9
CVE
added 2026/03/25 10:28 a.m., 13 views

CVE-2026-23382

The CVE-2026-23382 entry concerns the Linux kernel HID subsystem. The issue arises when raw HID event callbacks can fire for a device that has not been claimed, potentially leading to a crash due to a missing HID_CLAIMED_INPUT guard. The fix, described in the upstream commit 2ff5baa9b527, adds th...

CVSS 5.5, AI score 5.6, EPSS 0.00114
Exploits 0, References 8, Affected Software 1
OSV
added 2026/03/25 10:28 a.m., 5 views

CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them

In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them. In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL dereference at raw event handle"), we handle the fact that raw event callbacks can happen even for a HID...

CVSS 5.5, AI score 5.7, EPSS 0.00114
Exploits 0, References 9
SUSE CVE
added 2026/03/25 12:25 a.m., 2 views

SUSE CVE-2026-29773

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner,...

CVSS 4.3, AI score 5.9, EPSS 0.00185
Exploits 0, References 3
CNNVD
added 2026/03/25 12:0 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incorrectly anchoring urbs during batch callbacks, potentially leading to urb leaks...

CVSS 5.5, AI score 6, EPSS 0.00123
Exploits 0, References 7
CNNVD
added 2026/03/25 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fcloop_t2h_xmt_ls_rsp function not checking the status of the remoteport port. This could lead to...

CVSS 5.5, AI score 6, EPSS 0.00117
Exploits 0, References 4
CNNVD
added 2026/03/25 12:0 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from repeated calls to interrupt callback functions. This vulnerability may lead to warnings and...

CVSS 5.5, AI score 5.8, EPSS 0.00122
Exploits 0, References 6
CNNVD
added 2026/03/25 12:0 a.m., 3 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incorrectly anchoring urbs during batch callbacks, potentially leading to urb leaks...

CVSS 5.5, AI score 6, EPSS 0.00127
Exploits 0, References 7
Cvelist
added 2026/03/24 7:15 p.m., 20 views

CVE-2026-33330 FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback

FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save...

CVSS 7.1, EPSS 0.00377
Exploits 1, References 3
CNVD
added 2026/03/24 12:0 a.m., 2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14838)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...

CVSS 8.1, AI score 5.9, EPSS 0.00283
Exploits 0, References 1
Veracode
added 2026/03/21 5:24 a.m., 4 views

Code Injection

SimpleEval is vulnerable to code injection. The vulnerability is due to objects leaking dangerous modules through to direct access inside the sandbox, where dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call...

CVSS 9.8, AI score 8.4, EPSS 0.0046
Exploits 0, References 3, Affected Software 1
OSV
added 2026/03/20 4:16 a.m., 5 views

DEBIAN-CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVSS 8.1, AI score 5.3, EPSS 0.00319
Exploits 0, References 1
UbuntuCve
added 2026/03/20 4:16 a.m., 1 view

CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVSS 9.3, AI score 5.8, EPSS 0.00319
Exploits 0, References 4
CVE
added 2026/03/20 3:43 a.m., 11 views

CVE-2026-32942

PJSIP (C library) contains a heap use-after-free in the ICE session for versions 2.16 and earlier, caused by race conditions between session destruction and callbacks. This may lead to crashes; upgrading to version 2.17 fixes the issue. References confirm affected versions and fix.

CVSS 9.3, AI score 5.7, EPSS 0.00319
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/03/20 3:43 a.m., 21 views

CVE-2026-32942 PJSIP has ICE session use-after-free race conditions

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVSS 9.3, EPSS 0.00319
Exploits 0, References 3
AlpineLinux
added 2026/03/20 3:43 a.m., 1 view

CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVSS 9.3, AI score 5.3, EPSS 0.00319
Exploits 0
Positive Technologies
added 2026/03/20 12:0 a.m., 4 views

PT-2026-26551

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.16 and below. Description: PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free issue in the ICE session. This occurs when race conditions happen...

CVSS 9.3, AI score 5.8, EPSS 0.00319
Exploits 0, References 8
OSV
added 2026/03/19 10:16 p.m., 2 views

CVE-2026-32005

OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including block_action, view_submission, and view_closed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...

CVSS 6.8, AI score 5.9
Exploits 0, References 3