73772 matches found

Tenable Nessus
added 2026/05/07 12:0 a.m., 8 views

TencentOS Server 2: squid (TSSA-2025:1012)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:1012 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

10 CVSS, 7.2 AI score, 0.6332 EPSS
Exploits 1, References 2

Tenable Nessus
added 2026/05/07 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei for reason not matching servreg_loc_pfr_req's...

5.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/05/07 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dm_put_device when failing to get scsi dh name When commit fd81bc5cca8f...

5.5 CVSS, 5.8 AI score, 0.00112 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/05/06 11:21 p.m., 8 views

CVE-2026-43252

A flaw was found in the MultiPath TCP (MPTCP) subsystem of the Linux kernel. A local attacker could exploit a logic error in how MPTCP manages network connection endpoints. By performing a specific sequence of operations, an attacker could trigger a kernel warning, potentially leading to system...

5.5 CVSS, 5.8 AI score, 0.00095 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/05/06 11:7 p.m., 10 views

CVE-2026-43247

A flaw was found in the wave5 media driver within the Linux kernel. This vulnerability can lead to a kernel panic, which causes the system to become unresponsive, effectively resulting in a Denial of Service (DoS). The issue occurs when the system attempts to enter suspend mode due to an autosuspen...

5.5 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits 0, References 4

NVD
added 2026/05/06 10:16 p.m., 13 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.9 CVSS, 0.00338 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/05/06 10:3 p.m., 8 views

CVE-2026-43218

A flaw was found in the tw9903 driver within the Linux kernel. This vulnerability occurs in an error handling path of the tw9903_probe function, where memory allocated for video for Linux 2 (V4L2) control handlers is not properly released. This oversight can lead to a memory leak, potentially causin...

5.5 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits 0, References 4

OSV
added 2026/05/06 10:0 p.m., 3 views

MAL-2026-3360 Malicious code in @paysafe-tracking/error-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

OSSF Malicious Packages
added 2026/05/06 10:0 p.m., 9 views

Malicious code in @paysafe-tracking/error-monitoring (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9c2acf9c4e0793663b7ca39f1c5c5a4646e8cecb488863494d904cdce97e01df The package @paysafe-tracking/error-monitoring was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

OSV
added 2026/05/06 9:39 p.m., 5 views

GHSA-QRCH-52M5-VV85 Flight vulnerable to sensitive information disclosure via default error handler

Summary: The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

7.5 CVSS, 5.8 AI score, 0.00335 EPSS
Exploits 0, References 5

Github Security Blog
added 2026/05/06 9:39 p.m., 7 views

Flight vulnerable to sensitive information disclosure via default error handler

Summary: The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

7.5 CVSS, 5.8 AI score, 0.00335 EPSS
Exploits 0, References 5, Affected Software 1

Snyk
added 2026/05/06 9:39 p.m., 8 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the Engine::error function. An attacker can obtain sensitive information, such as absolute filesystem paths, secrets embedded in exception messages, and internal module structure, by triggering an uncaught...

8.7 CVSS, 5.8 AI score, 0.00335 EPSS
Exploits 0, References 2

EUVD
added 2026/05/06 9:31 p.m., 4 views

EUVD-2025-209704

HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...

5.3 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/05/06 9:25 p.m., 6 views

CVE-2026-43202

A flaw was found in the Linux kernel's fbdev: vt8500lcdfb module. This vulnerability, a memory leak, occurs because allocated memory is not properly freed when an error path is triggered. A local attacker could potentially exploit this to exhaust system resources, leading to a Denial of Service D...

5.5 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/05/06 9:19 p.m., 10 views

CVE-2026-43201

A flaw was found in the Linux kernel's Advanced Processor Error Interface (APEI) / Generic Hardware Error Source (GHES) handling. If the BIOS generates a very small or incomplete ARM Processor Error record, the kernel's error handling logic can attempt to access memory beyond allocated bounds. This...

5.5 CVSS, 5.8 AI score, 0.00127 EPSS
Exploits 0, References 4

Cvelist
added 2026/05/06 9:0 p.m., 32 views

CVE-2026-41484 OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.3 CVSS, 0.00338 EPSS
Exploits 0, References 2

CVE
added 2026/05/06 9:0 p.m., 20 views

CVE-2026-41484

The CVE concerns OpenTelemetry.Exporter.OneCollector for .NET. In versions ≤1.15.0, HttpJsonPostTransport reads the full response body on non-200 HTTP responses, enabling a potential denial-of-service via unbounded memory allocation if the back-end endpoint or an interceptor returns an arbitraril...

5.9 CVSS, 5.8 AI score, 0.00338 EPSS
Exploits 0, References 2, Affected Software 1

ATTACKERKB
added 2026/05/06 9:0 p.m., 10 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.3 CVSS, 5.8 AI score, 0.00338 EPSS
Exploits 0, References 3, Affected Software 1

RedhatCVE
added 2026/05/06 7:56 p.m., 8 views

CVE-2026-43171

A flaw was found in the Linux kernel's EFI/CPER component. This vulnerability occurs because the cper_print_fw_err function does not adequately validate the length of error records against a provided offset. A malicious or malformed firmware could exploit this by providing an offset that causes an...

5.5 CVSS, 5.8 AI score, 0.00123 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/05/06 7:52 p.m., 8 views

CVE-2026-43169

A flaw was found in the drm/buddy component of the Linux kernel. This vulnerability occurs when the system processes memory allocation requests, particularly for contiguous or large non-contiguous blocks. Incorrect rounding of the requested size can lead to an allocation exceeding available memor...

5.5 CVSS, 5.8 AI score, 0.00127 EPSS
Exploits 0, References 4