CVE-2026-23270 net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks

In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow actct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier 1: "Since the blamed commit below, classify can return TCACTCONSUMED while the current skb being held by the defragmentation...

KLA90944 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in V8 can be exploited to cause...

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

EUVD-2026-12639

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...

CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...

UBUNTU-CVE-2026-4358

A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...

CLSA-2026-1773772035 Fix CVE(s): CVE-2025-23048

SECURITY UPDATE: SNI validation issue in modssl - debian/patches/CVE-2025-23048.patch: update SNI validation to move the SSL compatibility check after strict SNI hostname verification in modules/ssl/sslenginekernel.c. - CVE-2025-23048...

CVE-2026-4148

A use-after-free vulnerability (CVE-2026-4148) affects MongoDB in sharded clusters, triggered by an authenticated user with read role issuing a specially crafted $lookup or $graphLookup aggregation. The linked OSV entry cites the failure in ExpressionContext within the classic engine as the root ...

CVE-2026-4148 ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators

A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...

PT-2026-25907

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description A use-after-free issue can occur in sharded clusters when a user with read access submits a specifically designed aggregation pipeline using either the $lookup or $graphLookup operator...

PT-2026-25937

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A specially crafted aggregation query utilizing the $lookup operator, submitted by an authenticated user possessing write privileges, can lead to a double-free or use-after-free memory issue...

GHSA-9F3R-2VGW-M8XP File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

Description The resourcePatchHandler in http/resource.go validates the destination path against configured access rules before the path is cleaned/normalized. The rules engine rules/rules.go uses literal string prefix matching strings.HasPrefix or regex matching against the raw path. The actual...

EUVD-2016-10825

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

EUVD-2016-10821

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

EUVD-2016-10823

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser...

EUVD-2016-10827

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

CVE-2016-20033

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...

CVE-2016-20035

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoin...

CVE-2016-20036

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

USN-8095-1 linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...