CVE-2026-23147

The CVE-2026-23147 issue concerns Linux kernel btrfs zlib compression on S390 hardware acceleration. After a refactor (S390x HW acceleration), the code stopped releasing the page cache folio returned by btrfs_compress_filemap_get_folio(), leading to a folio leak. The root cause is a missing folio...

CVE-2026-23147 btrfs: zlib: fix the folio leak on S390 hardware acceleration

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration BUG After commit aa60fe12b4f4 "btrfs: zlib: refactor S390x HW acceleration buffer preparation", we no longer release the folio of the page cache of folio returned by...

EUVD-2026-5899

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

CVE-2026-23138

In CVE-2026-23138, the Linux kernel fixes an infinite recursion bug triggered when tracing the RCU events with the stack-trace trigger enabled. The patch expands ftrace recursion protection by adding a set of bits to protect events from recursion across contexts (normal, softirq, interrupt, and N...

PT-2026-8142

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration BUG After commit aa60fe12b4f4 "btrfs: zlib: refactor S390x HW acceleration buffer preparation", we no longer release the folio of the page cache of folio returned by...

Linux Distros Unpatched Vulnerability : CVE-2026-23184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in bindernetlinkreport Oneway transactions sent to frozen targets via...

PT-2026-8192

In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in binder netlink report Oneway transactions sent to frozen targets via binder proc transaction return a BR TRANSACTION PENDING FROZEN error but they are still treated as successful since the target is expected to...

Linux Distros Unpatched Vulnerability : CVE-2026-23138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kerne...

CLSA-2026-1770734656 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CVE-2026-23112

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec nvmettcpbuildpduiovec could walk past cmd-req.sg when a PDU length or offset exceeds sgcnt and then use bogus sg-length/offset values, leading to copytoiter GPF/KASAN. Guard...

CVE-2026-23112

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec nvmettcpbuildpduiovec could walk past cmd-req.sg when a PDU length or offset exceeds sgcnt and then use bogus sg-length/offset values, leading to copytoiter GPF/KASAN. Guard...

CVE-2026-23112 nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec nvmettcpbuildpduiovec could walk past cmd-req.sg when a PDU length or offset exceeds sgcnt and then use bogus sg-length/offset values, leading to copytoiter GPF/KASAN. Guard...

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

Kanboard 安全漏洞

Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.50 contained security vulnerabilities. These vulnerabilities stemmed from the...

CVE-2026-1320

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-1320 Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-70083

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OSMAXPATHLEN. If the length of DirName i...

OpenSatKit 安全漏洞

OpenSatKit is an open-source application development toolkit developed by OpenSatKit. Version 2.2.1 of OpenSatKit contains a security vulnerability. This vulnerability stems from a stack buffer overflow during the copy operation of the DirName field, which may lead to overwriting of adjacent stac...

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitation of paths received from SCP servers. An attacker can access or modify files outside the intended directory by sending specially crafted file paths. Note: Libssh maintainers strongly discourage...