CVE-2026-11559

CVE-2026-11559 affects CodeAstro Payroll System 1.0. The vulnerability exists in an (unnamed) function of the file /view_account.php, where manipulation of the argument ID enables an SQL injection. It is exploitable remotely and the exploit is public. CVSS metrics in the entry show a MEDIUM sever...

CVE-2026-46309

A flaw was found in the Linux kernel's drm/xe/uapi component. This vulnerability allows a Graphics Processing Unit GPU using cohnone coherency mode to bypass CPU caches and read stale sensitive data directly from Dynamic Random-Access Memory DRAM. This can lead to information disclosure, where da...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the INFO level logging when chaincode is deployed in chaincode-as-a-service mode with TLS enabled. An attacker can obtain sensitive information TLS private key by accessing the server...

CVE-2026-46278

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 171.559248 M...

UBUNTU-CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

UBUNTU-CVE-2026-46278

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 171.559248 M...

Deserialization Of Untrusted Data

org.apache.fory:fory-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of the Java replace-resolve deserialization path, which allows an attacker to bypass security checks and invoke arbitrary readResolve or readExternal methods through crafted...

CVE-2026-49755

Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...

CVE-2026-46443

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Missing XML Validation CVE-2026-1190

Summary keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation Vulnerability Details CVEID:CVE-2026-1190 DESCRIPTION: A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup...

CVE-2026-46311

CVE-2026-46311 (Linux kernel) involves the drm/amdgpu/userq path where access to a stale wptr mapping could occur during queue creation. The root cause is improper locking when accessing the mapping data, risking unmapping of wptr_obj while a queue is in progress and another BO is at the same add...

CVE-2026-46309

CVE-2026-46309 concerns the Linux kernel’s DRM-XE UAPI path. The issue arises from missing validation in xe_vm_madvise_ioctl(): it could reject PAT indices with the XE_COH_NONE coherency mode when applied to CPU cached memory. If coh_none is used with CPU cached buffers, the clear operation may s...

EUVD-2026-35119

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

CVE-2026-46283

The CVE concerns the Linux kernel TPM driver: tpm_dev_release() frees the chip->auth structure with plain kfree(), leaving sensitive material (HMAC session keys, nonces, passphrase data) in freed memory. Other code paths scrub before free via kfree_sensitive(), so this path risks leaking sensi...

CVE-2026-46278 drm/imagination: Fix segfault when updating ftrace mask

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 171.559248 M...

EUVD-2026-35143

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 171.559248 M...

CVE-2026-46278

Technical details about CVE-2026-46278 are not provided in the supplied documents. Monitor for updates.

Malicious code in bittensor-burn-alert (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e89dc9ff0a5d334b67a01c572c036b0740adf6d8669d2fa25c241a0c098116 The package advertises itself as a Bittensor subnet burn-rate monitor but bundles a covert clipboard surveillance daemon in its compiled core module...

EUVD-2026-35111

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is...

CVE-2026-46443

FlowiseAI Flowise (Flowise server) has a credential data leak when querying credentials with a credentialName filter. In versions prior to 3.1.2, the encryptedData field is not removed from the API response for filtered credential fetches, exposing sensitive credential data (API keys, passwords, ...