
73819 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 7 views

PT-2026-37418

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg loc pfr req ei It looks element length declared in servreg loc pfr req ei for reason not matching servreg loc pfr req's reason field due which we could observe decoding error on...

AI score 5.8, EPSS 0.00114
Exploits: 0, References: 5

Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-37502

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak occurs in the tegra channel try format function. The issue arises because two error paths return immediately after the v4l2 subdev call function fails, failing to call v4l2...

CVSS 5.5, AI score 5.4, EPSS 0.00128
Exploits: 0, References: 16

CNNVD
added 2026/05/06 12:0 a.m., 6 views

HCL DFXAnalytics Security Vulnerability

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from improper error handling. As a result, the application exposes detailed stack traces during responses, allowing attackers t...

CVSS 5.3, AI score 5.9, EPSS 0.00166
Exploits: 0, References: 1

Positive Technologies
added 2026/05/06 12:0 a.m., 8 views

PT-2026-37490

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel fails to properly reject unsupported hardware configurations in the perf/arm-cmn component. By accepting unknown Coherent Mesh Network CMN models and revisions, the syst...

CVSS 7.8, AI score 7, EPSS 0.00169
Exploits: 0, References: 282

Positive Technologies
added 2026/05/06 12:0 a.m., 7 views

PT-2026-38025

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst wavparse cue chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatc...

CVSS 9.1, AI score 6.8, EPSS 0.01139
Exploits: 0, References: 6

Positive Technologies
added 2026/05/06 12:0 a.m., 7 views

PT-2026-37551

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the pci slot trylock function where error handling is incorrectly implemented. Following a change that delegated the bridge device's pci dev trylock to pci bus trylock...

CVSS 7.8, AI score 5.5, EPSS 0.00107
Exploits: 0, References: 38

Positive Technologies
added 2026/05/06 12:0 a.m., 12 views

PT-2026-37619

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ALSA usb-audio component where the system blindly assumes received packets fit the buffer size when silencing playback URB USB Request Block packets in implicit fb...

CVSS 7.8, AI score 5.6, EPSS 0.00123
Exploits: 0, References: 72

Positive Technologies
added 2026/05/06 12:0 a.m., 12 views

PT-2026-37514

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the io uring/zcrx component where closing a queue does not guarantee the immediate termination of all associated page pools. The system incorrectly releases the zcrx...

CVSS 5.5, AI score 5.8, EPSS 0.00112
Exploits: 0, References: 13

Tenable Nessus
added 2026/05/06 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: v4l2-async: Fix error handling on steps after finding a match Once an async connection is found to be matching with an fwnode, a sub-device may be...

CVSS 5.5, AI score 5.8, EPSS 0.00127
Exploits: 0, References: 3

Tenable Nessus
added 2026/05/06 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2026-43153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfs: remove xfsattrleafhasname The calling convention of xfsattrleafhasname is problematic, because it returns a NULL buffer when xfsattr3leafread fails, a vali...

CVSS 7.8, AI score 6, EPSS 0.00138
Exploits: 0, References: 4

Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-37475

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A resource leak occurs in the snd cx23885 hw params function. In the error path, the system fails to call cx23885 alsa dma unmap, which is necessary to release the resource previously...

CVSS 5.5, AI score 5.4, EPSS 0.00123
Exploits: 0, References: 18

Positive Technologies
added 2026/05/06 12:0 a.m., 9 views

PT-2026-37479

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The xfrm6 get saddr function fails to check the return value of ipv6 dev get saddr. If ipv6 dev get saddr cannot find a suitable source address and returns -EADDRNOTAVAIL, the saddr-in6...

CVSS 8.6, AI score 5.8, EPSS 0.00375
Exploits: 0, References: 124

Tenable Nessus
added 2026/05/06 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43196

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls...

CVSS 7.8, AI score 5.8, EPSS 0.00139
Exploits: 0, References: 3

Positive Technologies
added 2026/05/06 12:0 a.m., 17 views

PT-2026-37419

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the x86 shadow stacks implementation where the shstk pop sigframe function fails to check for errors returned by mmap read lock killable. This occurs because the...

CVSS 9.8, AI score 5.8, EPSS 0.00467
Exploits: 3, References: 292

EUVD
added 2026/05/05 10:4 p.m., 22 views

EUVD-2026-25871

authd: Primary group ID is incorrectly set to value of UID...

CVSS 7.3, AI score 5.8, EPSS 0.0011
Exploits: 0, References: 3

Github Security Blog
added 2026/05/05 9:50 p.m., 14 views

ip-address has XSS in Address6 HTML-emitting methods

Summary: Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6 constructor for invalid input can contain unescaped attacker-controlled content in one branch. An...

CVSS 6.1, AI score 5.4, EPSS 0.00258
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/05/05 9:10 p.m., 5 views

CLSA-2026-1778015406 cifs-utils: Fix of CVE-2022-29869

CVE-2022-29869: avoid leaking sensitive credential file content via verbose stderr in mount.cifs option parsing...

CVSS 5.3, AI score 6.7, EPSS 0.01804
Exploits: 0, References: 1

OSV
added 2026/05/05 8:14 p.m., 2 views

GHSA-MM2Q-QCMX-GW4W RustFS: ListServiceAccount authorizes against wrong admin action, enabling cross-user enumeration and root service account takeover

Summary: ListServiceAccount GET /rustfs/admin/v3/list-service-accounts?user= authorizes cross-user requests against UpdateServiceAccountAdminAction instead of ListServiceAccountsAdminAction at rustfs/src/admin/handlers/serviceaccount.rs:936. The handler accepts the wrong admin action and rejects t...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 2

Cvelist
added 2026/05/05 7:33 p.m., 25 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

CVSS 2, EPSS 0.00091
Exploits: 0, References: 1

Vulnrichment
added 2026/05/05 7:33 p.m., 7 views

CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

CVSS 2, AI score 5.7, EPSS 0.00091
Exploits: 0, References: 1