20722 matches found
UBUNTU-CVE-2026-43356
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...
CVE-2026-43356
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...
CVE-2026-43356 iio: imu: adis: Fix NULL pointer dereference in adis_init
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...
CVE-2026-43356
The CVE-2026-43356 issue affects the Linux kernel IIO ADIS IMU drivers (e.g., adis16480, adis16490, adis16545). In adis_init(), the code dereferences adis->ops to inspect function pointers without first verifying that adis->ops itself is non-NULL, leading to a NULL pointer dereference durin...
CVE-2026-43356
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adisinit The adisinit function dereferences adis-ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis-ops itself is NULL...
CVE-2026-44339
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and main after it fails to match the declared tool list and the registry. With the default agent configuration,...
CLSA-2026-1778055087 php: Fix of 3 CVEs
CVE-2018-5711: Fix infinite loop in gdImageCreateFromGifCtx libgd when reading crafted GIF - CVE-2018-17082: Fix XSS via Transfer-Encoding: chunked in apache2 SAPI - CVE-2018-10545: Do not set PRSETDUMPABLE by default in php-fpm child...
CVE-2026-44916
In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instanceinfo'kstemplate' is rendered without sandboxing...
CVE-2026-42272
CVE-2026-42272 affects Heimdall, a cloud-native Identity Aware Proxy/Access Control service. Before v0.17.14, it treated URL-encoded slashes (%2F) as case-sensitive while percent-encodings must be case-insensitive, causing %2f to be ignored when allow_encoded_slashes is off (default). This discre...
SUSE CVE-2026-43267
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential zero beacon interval in beacon tracking During fuzz testing, it was discovered that bssconf-beaconint might be zero, which could result in a division by zero error in subsequent calculations. Set a...
EUVD-2026-28461
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
GHSA-MM7J-MHHJ-HJ36 OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
PT-2026-39199
Name of the Vulnerable Software and Affected Versions FlashMQ versions prior to 1.26.1 Description A remote client with retained publish permission can cause a denial of service by crashing the broker. This occurs when both set retained message defer timeout and set retained message defer timeout...
FlashMQ 数字错误漏洞
FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.1 contained a numerical error vulnerability. This vulnerability could cause the FlashMQ proxy to crash and lead to a denial-of-service attack when the setretainedmessagedefertimeout...
PT-2026-39017
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the adis init function. The function attempts to dereference adis-ops to verify if specific function pointers write, read, reset are NULL without fir...
Linux Distros Unpatched Vulnerability : CVE-2026-41889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted...
Missing Authorization
Overview org.springframework.ai:spring-ai-openai is an OpenAI models support Affected versions of this package are vulnerable to Missing Authorization via the default configuration of the Spring AI chat memory component. An attacker can access data from other users when DEFAULTCONVERSATIONID is n...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
UBUNTU-CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...