4242 matches found
CVE-2026-22988 arp: do not assume dev_hard_header() does not change skb->head
In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...
OESA-2026-1229 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an...
Linux Distros Unpatched Vulnerability : CVE-2026-22988
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head arp_create() is the only dev_hard_heade...
Linux Kernel Security Vulnerabilities
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an assumption that dev_hard_header does not change skb->head when the arp_create function is called,...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004854)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004854 advisory. In the Linux kernel, the following vulnerability has been resolved: PNP: fix name memory leak in pnp_alloc_dev() After commit 1fa5ae857bb1 driver core: get rid of struct...
runc: container escape via 'masked path' abuse due to mount race conditions
A flaw was found in runc. This flaw exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...
EUVD-2026-4198
Malicious code in sympy-dev PyPI...
Malicious code in sympy-dev (PyPI)
Package downloads and executes code from remote servers, indicating malicious behavior. Multiple files and IPs involved. Package impersonates popular sympy package...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21783)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21783 advisory. - In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-48875)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-48875 advisory. - In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on...
Vite Vitejs Improper Access Control Vulnerability
Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21858)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21858 advisory. - In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in...
CVE-2026-1192
A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imodealldata.php. Executing a manipulation of the argument DevId can lead to command injection. The attack can be executed remotely. The exploi...
CLSA-2026-1768110920 kernel: Fix of 16 CVEs
crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). CVE-2025-40186 - can:...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2025-11112:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11112:01 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to...
Exploit for CVE-2025-60021
CVE-2025-60021 Roundup Vulnerability Summary CVE-2025-60...
ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001649)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001649 advisory. In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004093)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004093 advisory. gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004017)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004017 advisory. Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging imprope...