16822 matches found
CVE-2026-6565
The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '/wp-json/agwp/v1/tokens/save' endpoint kit title parameter in versions up to, and including, 2.5.0 due to insufficient input...
Insecure Default Initialization of Resource
Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Context.spawn function. An attacker can access prototype-chain properties of objects...
LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
Summary: Context.spawn in liquidjs creates a child Context for the `{% render %}` tag but does not propagate the parent context's resolved ownPropertyOnly value. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly (the instance-level option), silently discarding any...
CVE-2026-46068
crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the damonstatstart function fails to destroy the DAMON context and reset global...
PT-2026-43823
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The vidi connection ioctl function incorrectly retrieves driver data from drm dev-dev to obtain a struct vidi context pointer. Because drm dev-dev refers to the exynos-drm master device,...
PT-2026-43691
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie destroy context is invoked during error handling in aie2 create context. However, aie destroy context assumes that the context's mailbox channel pointer...
CVE-2026-45956
drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl...
CVE-2025-71308
accel/amdxdna: Fix potential NULL pointer dereference in context cleanup...
PT-2026-43626
Name of the Vulnerable Software and Affected Versions LiquidJS versions 10.25.7 and earlier Description An issue exists in the Context.spawn function where it fails to propagate the parent context's resolved ownPropertyOnly value when creating a child context for the `{% render %}` tag. Instead, the...
CVE-2026-46041
greybus: gb-beagleplay: fix sleep in atomic context in hdlctxframes...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iommu/vt-d driver failing to clear the Present bit when removing context entries. This can le...
Linux Distros Unpatched Vulnerability : CVE-2026-45944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zeros the entire 128-bit entry usi...
CVE-2026-45944
iommu/vt-d: Clear Present bit before tearing down context entry...
Linux Distros Unpatched Vulnerability : CVE-2026-46049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdifpassthruplaybackgetresources uses atc-pllrate as the RSR for the MSR calculation loop. However, pllrate...
PT-2026-43811
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the iommu/vt-d component where tearing down a context entry involves zeroing a 128-bit entry using multiple 64-bit writes. This process can create a window where...
Linux Distros Unpatched Vulnerability : CVE-2026-45956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/exynos: vidi: use priv-vididev for ctx lookup in vidiconnectionioctl vidiconnectionioctl retrieves the driverdata from drmdev-dev to obtain a struct...
PT-2026-43875
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the damos walk and kdamond fn functions. When the kdamond fn main loop finishes, it cancels remaining damos walk requests and unsets damon ctx-kdamond...
PT-2026-43908
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A flaw exists in the greybus gb-beagleplay component where the hdlc append function calls usleep range while the tx producer...
PT-2026-43780
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bridge multicast component where the mdb n entries count for VLAN contexts is updated conditionally. This can lead to a state where a decrease operation is perform...