CVE-2026-22988 arp: do not assume dev_hard_header() does not change skb->head

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume devhardheader does not change skb-head arpcreate is the only devhardheader caller making assumption about skb-head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

GHSA-FGX4-P8XF-QHP9 Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module

Vulnerability Description --- Vulnerability Overview - When the client sends an arbitrary URL array and impl: "naive" to the tRPC endpoint tools.search.crawlPages, the server issues outbound HTTP requests directly to those URLs. There is no defensive logic that restricts or validates requests to...

The vulnerability of the void() function in the drivers/net/ethernet/pensando/ionic/ionic_dev.h module of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the void function in the drivers/net/ethernet/pensando/ionic/ionicdev.h module of the Linux kernel lies in the execution of a loop without sufficient restrictions on its execution count. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the vlan_dev_hard_header function in the Linux kernel’s team component, which allows a hacker to cause a service failure.

The vulnerability of the vlandevhardheader function in the Linux kernel’s team component is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...