4226 matches found

Cvelist
added 2026/05/11 7:45 p.m. | 27 views

CVE-2026-8321 inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

CVSS 7.5 | EPSS 0.00105
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/11 7:45 p.m. | 2 views

CVE-2026-8321

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

CVSS 7.5 | AI score 6.8 | EPSS 0.00105
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/05/11 7:45 p.m. | 5 views

CVE-2026-8321 inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass

A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is...

CVSS 7.5 | AI score 6.8 | EPSS 0.00105
Exploits: 0 | References: 5

CVE
added 2026/05/11 7:45 p.m. | 11 views

CVE-2026-8321

CVE-2026-8321 affects inkeep agents 0.58.14. The vulnerability lies in the function createDevContext of agents-api/src/middleware/runAuth.ts within the runAuth Middleware, where a manipulation can lead to authentication bypass via an alternate channel. This can be exploited remotely, and public e...

CVSS 7.5 | AI score 6.8 | EPSS 0.00105
Exploits: 0 | References: 5

SUSE CVE
added 2026/05/11 2:13 p.m. | 4 views

SUSE CVE-2026-43455

In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key->lock in mctp_flow_prepare_output() mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_key(), but it does not hold key->lock while doing so. mctp_dev_set_key() and mctp_dev_release_key() are annotated with...

CVSS 5.5 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 3

CNNVD
added 2026/05/10 12:00 a.m. | 4 views

Devs Palace ERP Online cross-site scripting vulnerability

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...

CVSS 4.8 | AI score 5.6 | EPSS 0.0003
Exploits: 0 | References: 1

NVD
added 2026/05/08 11:16 p.m. | 7 views

CVE-2026-42298

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

CVSS 10 | EPSS 0.00197
Exploits: 0 | References: 2

EUVD
added 2026/05/08 3:31 p.m. | 4 views

EUVD-2026-28761

In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key->lock in mctp_flow_prepare_output() mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_key(), but it does not hold key->lock while doing so. mctp_dev_set_key() and mctp_dev_release_key() are annotated with...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 7

UbuntuCve
added 2026/05/08 3:16 p.m. | 8 views

CVE-2026-43455

In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key->lock in mctp_flow_prepare_output() mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_key(), but it does not hold key->lock while doing so. mctp_dev_set_key() and mctp_dev_release_key() are annotated with...

CVSS 5.5 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 8

OSSF Malicious Packages
added 2026/05/08 2:36 p.m. | 7 views

Malicious code in coral-dev-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 938459f8d0b02585c73f8dedee34a7e499784f290f4c9cabf61706eeda5bbfe1 The package coral-dev-proxy was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

OSV
added 2026/05/08 2:36 p.m. | 4 views

MAL-2026-3395 Malicious code in coral-dev-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 938459f8d0b02585c73f8dedee34a7e499784f290f4c9cabf61706eeda5bbfe1 The package coral-dev-proxy was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

CVE
added 2026/05/08 2:22 p.m. | 5 views

CVE-2026-43455

In CVE-2026-43455, multiple sources confirm a race in the Linux kernel MCTP module: mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_key() without holding key->lock, while both mctp_dev_set_key() and mctp_dev_release_key() require the lock. This can allow concurrent path...

CVSS 5.5 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2026/05/08 2:21 p.m. | 25 views

CVE-2026-43422 usb: legacy: ncm: Fix NPE in gncm_bind

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncm_bind Commit 56a512a9b410 "usb: gadget: f_ncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

EPSS 0.00013
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/08 2:21 p.m. | 3 views

CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncm_bind Commit 56a512a9b410 "usb: gadget: f_ncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2026/05/08 2:16 p.m. | 2 views

CVE-2026-43310

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC For the i.MX8MQ platform, there is a hardware limitation: the g1 VPU and g2 VPU cannot decode simultaneously; otherwise, it will cause below bus error and produ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/08 12:00 a.m. | 7 views

PT-2026-39025

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference exists in the ublk_ctrl_set_size function. The issue occurs because the function calls set_capacity_and_notify using ub->ub_disk without verifying if the pointe...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/08 12:00 a.m. | 8 views

PT-2026-39116

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists in the mctp_flow_prepare_output function. The function checks key->dev and may call mctp_dev_set_key without holding the key->lock, despite the latter being intende...

AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 9

SUSE CVE
added 2026/05/07 2:18 a.m. | 7 views

SUSE CVE-2026-43101

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in ioam6filltracedata We need to check in6devget for possible NULL value, as suggested by Yiming Qian. Also add skbdstdevrcu instead of skbdstdev, and two missing READONCE. Note that @d...

AI score 5.7 | EPSS 0.00058
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/07 2:17 a.m. | 4 views

SUSE CVE-2026-43139

In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm6_get_saddr() does not check the return value of ipv6_dev_get_saddr(). When ipv6_dev_get_saddr() fails to find a suitable source address (returns -EADDRNOTAVAIL), saddr->in6 is left uninitialize...

AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 3

vulnersOsv
added 2026/05/06 7:32 p.m. | 4 views

@c0va23/react-router-dev (=7.8.3-alpha.2), @holocron.so/cli (>=0.6.0 <=0.8.0) +13 more potentially affected by CVE-2026-23870 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.24)

@vitejs/plugin-rsc NPM version =0.4.11, =0.6.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental-2a6c7bc, =0.0.0-pr-32412-sha-4e0feb24, =1.0.2, =0.1.0, =0.0.1, =1.18.0-rsc.19, =0.1.0, =0.0.1-alpha.0, =0.0.0-canary-7e3d07b-20260501145757, =0.24.0, =0.27.2 Source cves: CVE-2026-23870 Source advisory:...

CVSS 7.5 | AI score 5.8 | EPSS 0.00338
Exploits: 1