
1360 matches found

Positive Technologies
added 2026/05/21 12:0 a.m. | 9 views

PT-2026-42680

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.04.4. Description: Deleted API tokens continue to authenticate requests until their cache entry expires because the authentication cache is not invalidated by the token value during deletion. The deletion process...

CVSS 2.3 | AI score 5.7 | EPSS 0.00197
Exploits: 0 | References: 6

Tenable Nessus
added 2026/05/20 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time t...

CVSS 5.5 | AI score 5.9 | EPSS 0.00123
Exploits: 0 | References: 2

RubySec
added 2026/05/20 12:0 a.m. | 6 views

CVE-2026-46727 - Use-after-free in pthread-based getaddrinfo timeout handler

SUMMARY A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo..., timeout: o...

CVSS 8.1 | AI score 5.7 | EPSS 0.00478
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/05/19 12:59 p.m. | 9 views

EUVD-2026-30929

Sparx Pro Cloud Server is vulnerable to a Race Condition in the /dataapi/dlinternalartifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location DIR under the specified name. An attacker with repository access...

CVSS 8.7 | AI score 6.2 | EPSS 0.00724
Exploits: 3 | References: 4

OSV
added 2026/05/15 8:42 a.m. | 3 views

BIT-GRAFANA-2026-33381 Users can generate Service Account tokens after permissions removal

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS 8.1 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 2

EUVD
added 2026/05/13 9:32 p.m. | 8 views

EUVD-2026-30146

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS 5.9 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 2

NVD
added 2026/05/13 8:16 p.m. | 9 views

CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS 8.1 | EPSS 0.00245
Exploits: 0 | References: 1

UbuntuCve
added 2026/05/13 8:16 p.m. | 5 views

CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS 5.9 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/13 7:28 p.m. | 6 views

CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS 5.9 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/05/13 7:28 p.m. | 34 views

CVE-2026-33381

Grafana CVE-2026-33381 affects Grafana: when a user’s access to mint tokens for a service account is revoked, token minting can still succeed for a few seconds after the revocation. The issue is addressed in Grafana openSUSE/OpenSUSE advisory updates and upstream Grafana fixes, notably Grafana 11...

CVSS 8.1 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 1 | Affected Software: 1

Grafana
added 2026/05/13 12:0 a.m. | 6 views

Users can generate Service Account tokens after permissions removal

When a user’s access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS 5.9 | AI score 5.8 | EPSS 0.00245
Exploits: 0

Positive Technologies
added 2026/05/13 12:0 a.m. | 9 views

PT-2026-40794

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: A race condition exists where a user may still be able to mint tokens for a service account for a few seconds after their access has been revoked. Recommendation...

CVSS 8.1 | AI score 5.7 | EPSS 0.00434
Exploits: 0 | References: 65

Vulnrichment
added 2026/05/12 8:52 p.m. | 6 views

CVE-2026-44296 Deskflow: TLS multiplexer DoS on failed `SSL_accept`

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

CVSS 7.5 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 2

Debian CVE
added 2026/05/12 8:52 p.m. | 7 views

CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

CVSS 7.5 | AI score 5.8 | EPSS 0.00279
Exploits: 0

ATTACKERKB
added 2026/05/08 2:22 p.m. | 4 views

CVE-2026-43435

In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. So the new request was not being factored in the spam calculation. Fix this by moving...

AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/05/08 3:55 a.m. | 11 views

EUVD-2026-28526

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...

CVSS 8.8 | AI score 5.8 | EPSS 0.00375
Exploits: 0 | References: 2

CNNVD
added 2026/05/08 12:0 a.m. | 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the addrconfpermanentaddr function in IPv6 address configuration. This function may lead to memor...

CVSS 7.8 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/06 11:7 p.m. | 11 views

CVE-2026-43247

A flaw was found in the wave5 media driver within the Linux kernel. This vulnerability can lead to a kernel panic, which causes the system to become unresponsive, effectively resulting in a Denial of Service (DoS). The issue occurs when the system attempts to enter suspend mode due to an autosuspen...

CVSS 5.5 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 4

OSV
added 2026/05/06 10:50 p.m. | 8 views

CLSA-2026-1778107793 qt5-qtbase: Fix of 3 CVEs

- CVE-2025-5455: fix qDecodeDataUrl crash on malformed data URL with charset
- CVE-2024-25580: fix KTX file reading buffer overflow
- CVE-2024-39936: delay HTTP/2 communication until encrypted can be responded to includes prerequisite to emit encrypted on H2 path...

CVSS 8.6 | AI score 5.9 | EPSS 0.00494
Exploits: 0 | References: 1

CVE
added 2026/05/06 11:28 a.m. | 26 views

CVE-2026-43247

CVE-2026-43247 affects the Linux kernel media driver for wave5 (chips-media). The issue causes a kernel panic triggered by an asynchronous SError interrupt when the system enters suspend mode due to an autosuspend delay timeout, leading to an unresponsive system (DoS-like impact). The vulnerabili...

CVSS 5.5 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 3 | Affected Software: 1