10977 matches found

Positive Technologies
added 2026/04/27 12:0 a.m., 4 views

PT-2026-35369

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

AI score: 6.3 | EPSS: 0.00027
Exploits: 0 | References: 3
Microsoft CVE
added 2026/04/26 8:8 a.m., 1 view

netfilter: xt_multiport: validate range encoding in checkentry

...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.0002
Exploits: 0
SUSE CVE
added 2026/04/26 1:52 a.m., 7 views

SUSE CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVSS: 4.4 | AI score: 5.4 | EPSS: 0.0002
Exploits: 0 | References: 17
NVD
added 2026/04/25 9:16 a.m., 1 view

CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVSS: 5.5 | EPSS: 0.0002
Exploits: 0 | References: 8
ATTACKERKB
added 2026/04/25 8:46 a.m., 1 view

CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

AI score: 5.4 | EPSS: 0.0002
Exploits: 0 | References: 6 | Affected Software: 1
EUVD
added 2026/04/25 8:46 a.m., 1 view

EUVD-2026-25648

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

AI score: 5.4 | EPSS: 0.0002
Exploits: 0 | References: 4
Debian CVE
added 2026/04/25 8:46 a.m., 2 views

CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.0002
Exploits: 0
CVE
added 2026/04/25 8:46 a.m., 7 views

CVE-2026-31681

CVE-2026-31681 affects the Linux kernel netfilter xt_multiport component. The issue is in ports_match_v1() where a non-zero pflags entry is treated as a range start, causing the end of the range to be consumed incorrectly and potentially reading past the last ports[] element when a malformed rule...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.0002
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2026/04/25 8:46 a.m., 25 views

CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

EPSS: 0.0002
Exploits: 0 | References: 8
OSV
added 2026/04/25 8:40 a.m., 6 views

CLSA-2026-1777033551 httpd: Fix of CVE-2022-36760

CVE-2022-36760: mod_proxy_ajp: fix possible request smuggling via invalid Transfer-Encoding...

CVSS: 9 | AI score: 7.3 | EPSS: 0.0031
Exploits: 0 | References: 1
Fedora
added 2026/04/25 1:56 a.m., 3 views

[SECURITY] Fedora 44 Update: python-cbor2-5.6.5-8.fc44

This library provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 7049) serialization format...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00195
Exploits: 1
Tenable Nessus
added 2026/04/25 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xt_multiport: validate range encoding in checkentry. ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.0002
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/25 12:0 a.m., 2 views

PT-2026-35141

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the netfilter xt_multiport component where the checkentry path fails to validate range encoding. The ports_match_v1 function treats any non-zero pflags entry as the...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.0002
Exploits: 0 | References: 20
Snyk
added 2026/04/24 7:21 p.m., 4 views

Improper Encoding or Escaping of Output

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the encode function in AxiosURLSearchParams. An attacker can smuggle a NUL byte into serialized query...

CVSS: 6.3 | AI score: 5.5 | EPSS: 0.00083
Exploits: 1 | References: 2
Snyk
added 2026/04/24 7:21 p.m., 3 views

Improper Encoding or Escaping of Output

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the encode function in AxiosURLSearchParams. An attacker can smuggle a NUL byte into serialized query strings by supplying...

CVSS: 6.3 | AI score: 5.5 | EPSS: 0.00083
Exploits: 1 | References: 2
NVD
added 2026/04/24 7:17 p.m., 2 views

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS: 7.1 | EPSS: 0.00052
Exploits: 0 | References: 3
EUVD
added 2026/04/24 6:56 p.m., 3 views

EUVD-2026-25626

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.00273
Exploits: 1 | References: 3
ATTACKERKB
added 2026/04/24 6:56 p.m., 4 views

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS: 9.8 | AI score: 5.6 | EPSS: 0.00273
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/04/24 6:56 p.m., 1 view

CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS: 7.1 | AI score: 5.6 | EPSS: 0.00052
Exploits: 0 | References: 3
CVE
added 2026/04/24 6:56 p.m., 4 views

CVE-2026-41894

SiYuan up to version 3.6.4 is vulnerable due to a root cause in serveExport(): a redundant url.PathUnescape() combined with a prior denylist can be bypassed by double URL encoding (%252e%252e), enabling directory traversal and read access to arbitrary workspace files, including the Siyuan databas...

CVSS: 7.1 | AI score: 7.9 | EPSS: 0.00052
Exploits: 0 | References: 3