PT-2026-46240

Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...

CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

PT-2026-46018

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsl edma engine::muxclk are allocated and enabled with devm clk get enabled, which automatically cleans these resources up, but these clocks are also...

PT-2026-46035

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Coresight TMC-ETR component of the Linux kernel when sysfs and perf modes are operated simultaneously. The issue occurs because the enablement of sysfs mod...

BIT-AUTHENTIK-2026-40172 authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0 through 2026.2.2, the PATCH /api/v3/core/users/pk/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without...

EUVD-2026-33479

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument startwizard leads to stack-based buffer overflow. The attack can be launched remotely. T...

CVE-2026-10160

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument startwizard leads to stack-based buffer overflow. The attack can be launched remotely. T...

GHSA-XG76-5QJ2-2HHV Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation

Summary modules/sso/clients.php validates an admcsrftoken on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, a...

Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation

Summary modules/sso/clients.php validates an admcsrftoken on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, a...

PT-2026-45039

Summary modules/sso/clients.php validates an adm csrf token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, ...

CVE-2026-46222

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUSTCONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual addres...

CVE-2026-7634 SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

PT-2026-44345

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST CONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enabled. Unable to handle kernel NULL pointer dereference at virtual addre...

CVE-2026-45974

A flaw was found in the Linux kernel's btrfs filesystem. The btrfsquotaenable function contains a logic error where it attempts to access an invalid memory location if a specific key is not found during a search operation. This incorrect handling of search results can lead to invalid leaf access,...

CVE-2026-9406

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

EUVD-2026-32258

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...

CVE-2026-46082

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a UD when EFER.SVME is not set. Add a check to properly inject UD when EFER.SVME=0. sean: tag for stable@...

CVE-2026-45974

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid leaf access in btrfsquotaenable if ref key not found If btrfssearchslotforread returns 1, it means we did not find any key greater than or equals to the key we asked for, meaning we have reached the end of the...

CVE-2026-45977 fbnic: close fw_log race between users and teardown

In the Linux kernel, the following vulnerability has been resolved: fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written inside fbnicfwlogwrite and can be reached from the mailbox handler...