PT-2026-36435

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the hci le remote conn param req evt function, the hci conn lookup and field access are not properly protected by the hde...

PT-2026-36513

Name of the Vulnerable Software and Affected Versions cannelloni version 2.0.0 Description A buffer overflow occurs during CAN frame parsing. This issue exists within the parseCANFrame function in parser.cpp and the decodeFrame function in decoder.cpp. Remote attackers can exploit this by sending...

CVE-2026-37539

CVE-2026-37539 affects cannelloni v2.0.0. A buffer overflow in CAN frame parsing (parser.cpp, function parseCANFrame) and in decoding (decoder.cpp, function decodeFrame) enables remote attackers to crash the process or potentially execute arbitrary code by crafting CAN FD frames. This vulnerabili...

PT-2026-36406

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where hci store wake reason is called within hci event packet before the per-event minimum payload length is enforced by hci event func. This...

PT-2026-36393

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free error exists in the usbtmc release function. This occurs because pending anchored URBs USB Request Blocks are not properly flushed or killed, which can lead to memory...

CVE-2026-7502

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated...

CVE-2026-7501

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7502

CVE-2026-7502 affects LinkStackOrg LinkStack up to version 4.8.6. The vulnerability is in the saveLink function of app/Http/Controllers/UserController.php (Management Endpoint), enabling an authorization bypass. The issue is exploitable remotely and has publicly disclosed exploit information. A f...

CVE-2026-7502 LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated...

CVE-2026-7501

The CVE pertains to LinkStackOrg LinkStack (up to version 4.8.6). The vulnerability affects the editPage function in app/Http/Controllers/UserController.php, caused by manipulation of the pageDescription argument which enables cross-site scripting. Exploitation is possible remotely and public exp...

EUVD-2026-26438

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7501

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

PT-2026-36191

Name of the Vulnerable Software and Affected Versions LinkStackOrg LinkStack versions prior to 4.8.7 Description A weakness in the editPage function within the app/Http/Controllers/UserController.php file allows for remote cross-site scripting XSS, which occurs when a user-supplied value is...

LinkStack 授权问题漏洞

LinkStack is a unique platform developed by LinkStack OpenSource, offering efficient solutions for managing and sharing links online. Version 4.8.6 and earlier of LinkStack contained an authorization vulnerability. This vulnerability originated from the saveLink function in the Management Endpoin...

ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...

ovn: ovn: Heap Over-Read in ICMP Error Response Generation

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

ovn: OVN: Information disclosure via crafted DHCPv6 packets

A flaw was found in OVN Open Virtual Network. A remote attacker, by sending crafted DHCPv6 Dynamic Host Configuration Protocol for IPv6 SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the...