
8395 matches found

UbuntuCve
added 2026/03/04 1:15 p.m. | 1 views

CVE-2026-23231

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain(). nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_register_hook() then fails, the error path calls...

7.8 CVSS | 5.7 AI score | 0.00765 EPSS
Exploits: 1 | References: 17
CVE
added 2026/03/04 12:58 p.m. | 27 views

CVE-2026-23231

CVE-2026-23231 affects the Linux kernel nf_tables code. The root cause is a use-after-free in nf_tables_addchain(), where a new chain is published to a table via list_add_tail_rcu() before hooks are registered; on failure the error path frees the chain without an RCU grace period, creating use-af...

7.8 CVSS | 5.8 AI score | 0.00765 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Cvelist
added 2026/03/04 12:58 p.m. | 31 views

CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain(). nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_register_hook() then fails, the error path calls...

7.8 CVSS | 0.00765 EPSS
Exploits: 1 | References: 6
IBM Security Bulletins
added 2026/03/04 6:2 a.m. | 9 views

Security Bulletin: Vulnerabilities in MongoDB Server might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Zlib, which is used by MongoDB Server. The vulnerabilities include mismatched length fields in Zlib compressed protocol headers, which may allow a read of uninitialized heap memory by an unauthenticated client as described by t...

8.7 CVSS | 5.9 AI score | 0.62808 EPSS
Exploits: 38 | Affected Software: 1
RedhatCVE
added 2026/03/04 1:56 a.m. | 3 views

CVE-2025-50189

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

8.8 CVSS | 5.9 AI score | 0.00083 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/04 12:0 a.m. | 3 views

PT-2026-22922

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The UFX_IOCTL_REPORT_DAMAGE ioctl does not correctly copy data from user space to kernel space. Instead, it directly references the memory, which can lead to issues if invalid data is...

7.8 CVSS | 6 AI score | 0.00031 EPSS
Exploits: 0 | References: 62
CNNVD
added 2026/03/04 12:0 a.m. | 2 views

Cisco Secure Firewall Adaptive Security Appliance security vulnerability

Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software developed by Cisco, Inc. There is a security vulnerability in Cisco Secure Firewall Adaptive Security Appliance. This vulnerability stems from improper access control operations during the secure copy...

7.2 CVSS | 5.8 AI score | 0.00006 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/03 9:35 p.m. | 2 views

GHSA-2MC2-G238-722J OpenClaw affected by iMessage remote attachment SCP hardening (strict host-key checks and remoteHost validation)

Summary Remote iMessage attachment fetches used SCP with trust-on-first-use host-key behavior and accepted unvalidated remote host tokens. Before the fix: - SCP used StrictHostKeyChecking=accept-new in the remote attachment path. - channels.imessage.remoteHost was not validated as a strict SSH ho...

5.3 CVSS | 5.9 AI score
Exploits: 0 | References: 3
SUSE Linux
added 2026/03/03 12:40 p.m. | 4 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723). CVE-2026-23533: improper validation can lead to heap buffer overflow in clear_decompress_residual_data...

7.7 CVSS | 6.1 AI score | 0.00251 EPSS
Exploits: 6 | References: 24
OSV
added 2026/03/03 12:40 p.m. | 2 views

SUSE-SU-2026:0761-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). - CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723). - CVE-2026-23533: improper validation can lead to heap buffer overflow in...

9.8 CVSS | 6.1 AI score | 0.00251 EPSS
Exploits: 6 | References: 13
IBM Security Bulletins
added 2026/03/03 12:44 a.m. | 33 views

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary: DS8900F and DS8A00 updates have been released to remediate the following vulnerabilities: Linux vulnerabilities in libraries such as bzip2, nghttp2, libxml2, unbound, libsoup, pam, sudo, java, openssh, glib2, expat, httpd, and linux-firmware. Safe Guarded Copy vulnerability within the...

9.8 CVSS | 7.8 AI score | 0.24971 EPSS
Exploits: 2 | Affected Software: 4
SUSE CVE
added 2026/03/03 12:24 a.m. | 1 views

SUSE CVE-2026-28417

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the scp:// protocol handler), an attacker can execute arbitrary shell command...

5.3 CVSS | 6.1 AI score | 0.00017 EPSS
Exploits: 0 | References: 20
Tenable Nessus
added 2026/03/03 12:0 a.m. | 0 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005529)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005529 advisory. In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags. Commit bf5c25d60861 skbuff...

5.5 CVSS | 6.8 AI score | 0.00021 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/03 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005691)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005691 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: avoid possible NULL skb pointer dereference. In 'mwifiex_handle_uap_rx_forward', always...

5.5 CVSS | 6.4 AI score | 0.0002 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/03/03 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005649 advisory. In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags. Commit bf5c25d60861 skbuff...

5.5 CVSS | 6.5 AI score | 0.00021 EPSS
Exploits: 0 | References: 4
NVD
added 2026/03/02 3:16 p.m. | 4 views

CVE-2025-50189

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

8.8 CVSS | 0.00083 EPSS
Exploits: 1 | References: 5
EUVD
added 2026/03/02 2:49 p.m. | 5 views

EUVD-2025-208158

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

7.2 CVSS | 5.9 AI score | 0.00083 EPSS
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/02 2:49 p.m. | 2 views

CVE-2025-50189

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

8.8 CVSS | 5.9 AI score | 0.00083 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
Malwarebytes
added 2026/03/02 1:57 p.m. | 4 views

A fake FileZilla site hosts a malicious download

A trojanized copy of the open-source FTP client FileZilla 3.69.5 is circulating online. The archive contains the legitimate FileZilla application, but with a single malicious DLL added to the folder. When someone downloads this tampered version, extracts it, and launches FileZilla, Windows loads...

5.9 AI score
Exploits: 0
CNNVD
added 2026/03/02 12:0 a.m. | 2 views

Chamilo SQL injection vulnerability

Chamilo is an open-source learning management system from Chamilo. The Chamilo copycoursesessionselected.php file contains a SQL injection vulnerability that an attacker can exploit to execute illegal SQL commands and steal sensitive database data...

8.8 CVSS | 5.9 AI score | 0.00083 EPSS
Exploits: 1 | References: 5