73827 matches found

CNNVD
added 2026/05/01 12:0 a.m. | 9 views

Imagination Graphics DDK Resource Management Error Vulnerability

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a resource management error vulnerability that stems from a write use-after-free crash triggered when WebGPU content is loaded into the GPU GLES rendering process, which cou...

CVSS 8.1 | AI score 5.8 | EPSS 0.00346
Exploits 0 | References 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 5 views

PT-2026-36422

In the Linux kernel, the following vulnerability has been resolved: hwmon: (tps53679) Fix array access with zero-length block read. i2c_smbus_read_block_data() can return 0, indicating a zero-length read. When this happens, tps53679_identify_chip() accesses buf[ret - 1] which is buf[-1], reading one byte...

AI score 5.9 | EPSS 0.00124
Exploits 0 | References 4
CNNVD
added 2026/05/01 12:0 a.m. | 6 views

Open SAE J1939 Input Validation Error Vulnerability

Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles by Daniel Mårtensson, a private developer. Open SAE J1939 suffers from an input validation error vulnerability that stems from an integer underflow in the transport protocol data transfer processing resulting in an...

CVSS 8.1 | AI score 5.8 | EPSS 0.0022
Exploits 0 | References 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 8 views

PT-2026-36418

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove callback. aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup...

AI score 5.8 | EPSS 0.00121
Exploits 0 | References 4
CNNVD
added 2026/05/01 12:0 a.m. | 7 views

Vanetza Security Vulnerability

Vanetza is an open source implementation of a suite of in-vehicle communication protocols by the individual developer Raphael Riebl. A security vulnerability exists in Vanetza v26.02, which stems from an OpenSSL exception in the GeoNetworking packet processing pipeline that is not correctly caugh...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits 0 | References 2
CNNVD
added 2026/05/01 12:0 a.m. | 8 views

Wireshark Buffer Error Vulnerability

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4, as well as 4.4.0 to 4.4.14, have a buffer error vulnerability. This...

CVSS 7.8 | AI score 6.3 | EPSS 0.00148
Exploits 1 | References 1
CVE
added 2026/05/01 12:0 a.m. | 12 views

CVE-2025-69606

GSVoIP Web Panel 2.0.90 is affected by an XSS in the msg parameter of /painel/gateways.php/error, where user input is not properly sanitized. Root cause: lack of input validation/encoding allows arbitrary JavaScript in HTML response, enabling client-side attacks (e.g., script execution, session h...

CVSS 6.1 | AI score 5.9 | EPSS 0.00354
Exploits 1 | References 3
CNNVD
added 2026/05/01 12:0 a.m. | 10 views

open-amp Input Validation Error Vulnerability

open-amp is an OpenAMP open source framework that supports communication and lifecycle management between heterogeneous multi-core processors. An input validation error vulnerability exists in open-amp version v2025.10.0, which stems from an integer overflow in the ELF loader during firmware imag...

CVSS 9.8 | AI score 6.2 | EPSS 0.00253
Exploits 0 | References 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 8 views

PT-2026-36462

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the mshv_region_pin function regarding error handling. First, the pin_user_pages_fast function may return a short pin count greater than zero but less than requested...

CVSS 5.5 | AI score 5.8 | EPSS 0.001
Exploits 0 | References 12
Debian CVE
added 2026/05/01 12:0 a.m. | 8 views

CVE-2026-42481

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

CVSS 5.5 | AI score 5.8 | EPSS 0.00098
Exploits 0
CNNVD
added 2026/05/01 12:0 a.m. | 9 views

Solutions VoIP GSVoIP web panel Cross-Site Scripting Vulnerability

Solutions VoIP GSVoIP web panel is a VoIP management interface from Solutions VoIP. A cross-site scripting vulnerability in the Solutions VoIP GSVoIP web panel version 2.0.90, which stems from improperly sanitized user input for the msg parameter in the /painel/gateways.php/error endpoint, could le...

CVSS 6.1 | AI score 5.8 | EPSS 0.00354
Exploits 1 | References 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 9 views

PT-2026-36349

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw in the krb5enc_dispatch_decrypt function allows asynchronous decryption to bypass integrity verification. The function sets the caller's completion handler as the callback, which...

CVSS 9.8 | AI score 5.8 | EPSS 0.00408
Exploits 0 | References 48
Positive Technologies
added 2026/05/01 12:0 a.m. | 6 views

PT-2026-36394

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A double free issue exists in the USB ULPI (Ultra Low Power Interface) component. When the device_register function fails, ulpi_register invokes put_device on ulpi->dev. The device release...

CVSS 7.8 | AI score 5.8 | EPSS 0.00129
Exploits 0 | References 367
Positive Technologies
added 2026/05/01 12:0 a.m. | 7 views

PT-2026-36471

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The tcm_loop_target_reset function violates the SCSI Error Handler (EH) contract by returning success without draining in-flight commands. This allows the SCSI EH to reuse scsi_cmnd...

CVSS 5.5 | AI score 6 | EPSS 0.00114
Exploits 0 | References 313
Positive Technologies
added 2026/05/01 12:0 a.m. | 10 views

PT-2026-36390

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference occurs in the cdns3_gadget_ep_queue function when a gadget endpoint is disabled or not yet configured. In these states, the ep->desc pointer can be NULL, leadin...

CVSS 7.8 | AI score 6.5 | EPSS 0.00132
Exploits 0 | References 145
CNNVD
added 2026/05/01 12:0 a.m. | 8 views

FRRouting Buffer Error Vulnerability

FRRouting is an open source network routing software suite that runs on Unix-like platforms. FRRouting suffers from a buffer error vulnerability that stems from an off-by-one out-of-bounds write in the bgp_flowspec_op_decode function, which could lead to a denial of servi...

CVSS 7.5 | AI score 6 | EPSS 0.00263
Exploits 0 | References 1
CNNVD
added 2026/05/01 12:0 a.m. | 7 views

Linux kernel Buffer Error Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer error vulnerability that stems from the ip4ip6_err function failing to clear the cb array of skb2, which results in the IPv6 cb structure...

CVSS 9.8 | AI score 6.2 | EPSS 0.00563
Exploits 0 | References 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 9 views

PT-2026-36412

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A missing error check in the ALSA ctxfi driver occurs because the driver assumes the daio_device_index function always returns a proper value. This lack of validation can lead to stabili...

CVSS 9.8 | AI score 5.8 | EPSS 0.00422
Exploits 0 | References 73
NVD
added 2026/04/30 10:16 p.m. | 4 views

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

CVSS 5.3 | EPSS 0.00246
Exploits 0 | References 4
GitHub Security Blog
added 2026/04/30 8:47 p.m. | 8 views

auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

Summary: The Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a...

CVSS 9.1 | AI score 5.8 | EPSS 0.00417
Exploits 0 | References 6 | Affected Software 2