
648 matches found

Tenable Nessus
added 2026/05/02 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-43007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over th...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 3
RedhatCVE
added 2026/05/01 4:9 p.m. | 1 views

CVE-2026-43007

A flaw was found in the accel/qaic component of the Linux kernel. When a user process terminates before the device's deactivation transaction for a Device-Bound Context DBC is fully processed, the host system can become out of sync with available DBCs. This can lead to a denial of service, where ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 4
NVD
added 2026/05/01 3:16 p.m. | 0 views

CVE-2026-43007

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling...

CVSS 7.8 | EPSS 0.00015
Exploits 0 | References 5
EUVD
added 2026/05/01 2:15 p.m. | 1 views

EUVD-2026-26606

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling...

AI score 5.8 | EPSS 0.00015
Exploits 0 | References 5
CVE
added 2026/05/01 2:15 p.m. | 5 views

CVE-2026-43007

The CVE-2026-43007 entry relates to the Linux kernel accel/qaic component. Root cause: when a DBC is released, QAIC sends QAIC_TRANS_DEACTIVATE_FROM_DEV and resources are freed via decode_deactivate() in qaic_manage_ioctl() context. If the initiating user process terminates before the deactivatio...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2026/05/01 2:15 p.m. | 24 views

CVE-2026-43007 accel/qaic: Handle DBC deactivation if the owner went away

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling...

EPSS 0.00015
Exploits 0 | References 5
Cvelist
added 2026/05/01 11:18 a.m. | 25 views

CVE-2026-3140 Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation

The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handle_module_actions' function. This makes it possible for unauthenticated attackers to toggle plugin...

CVSS 4.3 | EPSS 0.00006
Exploits 0 | References 3
CVE
added 2026/05/01 11:18 a.m. | 2 views

CVE-2026-3140

The Ultimate Dashboard plugin for WordPress is affected by a Cross-Site Request Forgery in versions up to 3.8.14 due to a flawed nonce validation conditional in the handle_module_actions function, enabling unauthenticated attackers to toggle plugin modules by tricking a site administrator into pe...

CVSS 4.3 | AI score 5.7 | EPSS 0.00006
Exploits 0 | References 3
CNNVD
added 2026/05/01 12:0 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a failure to process a DBC de-activation transaction in the qaic driver after a user leaves, which could...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 2 views

PT-2026-36424

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode...

AI score 5.7 | EPSS 0.00015
Exploits 0 | References 6
Patchstack
added 2026/04/30 12:0 a.m. | 2 views

WordPress Ultimate Dashboard – Custom WordPress Dashboard plugin <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation vulnerability

Cross-Site Request Forgery to Module Activation/Deactivation vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Ultimate Dashboard versions <= 3.8.14...

CVSS 4.3 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2026/04/21 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012987)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012987 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of...

CVSS 5.9 | AI score 6.4 | EPSS 0.00159
Exploits 0 | References 4
Hacker One
added 2026/04/16 7:50 p.m. | 2 views

Revive Adserver: Banner status override by advertiser‑level users

A vulnerability was reported in Revive Adserver 6.0.6 and earlier, which allowed an advertiser-level user to activate or deactivate a banner without proper permissions. The issue was caused by the banner-edit.php script, which allowed the banner status to be overwritten solely based on banner edi...

AI score 5.8
Exploits 0
RedhatCVE
added 2026/04/02 10:55 p.m. | 1 views

CVE-2026-34572

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00035
Exploits 1 | References 1
NVD
added 2026/04/01 10:16 p.m. | 0 views

CVE-2026-34572

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...

CVSS 8.8 | EPSS 0.00035
Exploits 1 | References 2
Github Security Blog
added 2026/04/01 10:9 p.m. | 3 views

CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deactivation Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are...

CVSS 8.8 | AI score 5.8 | EPSS 0.00035
Exploits 1 | References 4 | Affected Software 1
EUVD
added 2026/04/01 10:9 p.m. | 2 views

EUVD-2026-18089

CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...

CVSS 8.8 | AI score 5.8 | EPSS 0.00035
Exploits 1 | References 2
OSV
added 2026/04/01 10:9 p.m. | 1 views

GHSA-8FQ3-C5W3-PJ3Q CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deactivation Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are...

CVSS 8.8 | AI score 5.8 | EPSS 0.00035
Exploits 1 | References 4
Snyk
added 2026/04/01 10:9 p.m. | 3 views

Incorrect Comparison Logic Granularity

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Incorrect Comparison Logic Granularity in the session management process. An attacker can retain full access to protected resources and perform privileged actions by...

CVSS 8.8 | AI score 5.9 | EPSS 0.00035
Exploits 1 | References 4
CVE
added 2026/04/01 9:35 p.m. | 2 views

CVE-2026-34572

CI4MS is a CodeIgniter 4-based CMS skeleton. Before version 0.31.0.0, deactivated accounts do not have their active sessions revoked promptly; authentication-only enforcement allows already-authenticated users to retain access. The root cause is a backend logic flaw where account state changes ar...

CVSS 8.8 | AI score 5.8 | EPSS 0.00035
Exploits 1 | References 2 | Affected Software 1