CVE-2026-45911 usb: cdns3: fix role switching during resume

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

SUSE CVE-2024-12289

Boundary Community Edition and Boundary Enterprise “Boundary” incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary...

PT-2026-43778

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the cdns3 driver when a role switch to host mode happens during the system resume process. The start operation of the host role registers a xhci-hcd...

Jenkins Pipeline: Groovy Libraries Plugin 安全漏洞

Jenkins Pipeline: The Groovy Libraries Plugin is an open-source Jenkins Pipeline plugin that manages Groovy libraries. The Jenkins Pipeline: Groovy Libraries Plugin versions 797.v90eaa9be45a0 and earlier have security vulnerabilities. These vulnerabilities stem from the lack of protection against...

PT-2026-44013

Name of the Vulnerable Software and Affected Versions Jenkins Email Extension Plugin versions prior to 1933.v45cec755423f Description The plugin allows inlining images as base64 in email content by setting the data-inline attribute. Because there are no restrictions on the image URLs that can be...

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

IBM Controller 信任管理问题漏洞

IBM Controller is a web-based financial consolidation tool developed by the American multinational company International Business Machines IBM. Versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 of IBM Controller contain vulnerabilities related to trust management. These vulnerabilities stem from the us...

CVE-2026-38807

The CVE-2026-38807 entry concerns an insecure permissions vulnerability in kvf-admin v1.0.0 that enables a remote attacker to escalate privileges via the UserController.java component. Affected software is kvf-admin; the root cause is insecure access control in UserController.java leading to unau...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the spi imx controller is not properly referenced when unbinding, potentially leadi...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the cdns3 USB driver’s role switching during recovery. During this process, the resume...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a failure in the spisetup function during spi device registration, resulting in the controller...

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

PT-2026-44014

Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0 Description The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

PT-2026-43863

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the SPI subsystem of the Linux kernel. The subsystem frees the controller and any allocated driver data during deregistration, unless the allocation is...

CVE-2026-9580 JeecgBoot selectDepart LoginController.selectDepart access control

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

CVE-2026-9518

The vulnerability CVE-2026-9518 affects hemant6488’s CodeIgniter-StudentManagementSystem, specifically the Students Controller function addStudent in view_students.php. The issue is cross site scripting caused by manipulating the Name argument, enabling remote exploitation. Documents indicate the...

kavita 访问控制错误漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

Student Management System 代码注入漏洞

Student Management System is a student management system developed by Krishanmurariji. There is a code injection vulnerability in Student Management System. This vulnerability stems from improper handling of the Name parameter in the addStudent function of the Students Controller component, which...