CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes

In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing pathk.pidx-eiblock, there is no validation...

EUVD-2026-24631

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

CVE-2026-6022

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

CVE-2026-6022

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

CVE-2026-6022 Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

CVE-2026-6022 Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the dd utility suppressing errors during file truncation operations by unconditionally calling Result::ok. Although...

PT-2026-34354

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 ext correct indexes function, which corrects index entries when the first extent in a leaf is modified. The function fails to validate that the p idx pointer...

PT-2026-34494

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

PT-2026-34480

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

Linux Distros Unpatched Vulnerability : CVE-2026-35358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013469)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013469 advisory. An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds re...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013784)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013784 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013806 advisory. In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1removedisk If rddev-raiddisk is greater than mddev-raiddisks...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013453)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013453 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blkcleanupqueue and diskrelease For avoiding to slow...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013563 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdxraid1 thread when raid1 array run failed fail run raid1 array when we assemble...

SUSE SLES16 Security Update : google-cloud-sap-agent (SUSE-SU-2026:21210-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:21210-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186:...

Linux Distros Unpatched Vulnerability : CVE-2026-35344

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While...

CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

GHSA-R65V-XGWC-G56J OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

Summary ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...