python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

F5 BIG-IP 缓冲区错误漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a buffer error vulnerability, which stems from virtual servers configured...

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from a server or to a server. Curl has a security vulnerability that stems from an error in proxy credential transmission, which may lead to the incorrect transmission of credentials from one proxy to another...

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...

SAMSUNG Mobile devices 缓冲区错误漏洞

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Versions of Samsung Mobile devices prior to SMR May-2026 Release 1 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds...

Linux Distros Unpatched Vulnerability : CVE-2026-43488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug...

Linux Distros Unpatched Vulnerability : CVE-2026-43372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: microchip: Fix error path in PTP IRQ setup If requestthreadedirq fails during the PTP message IRQ setup, the newly created IRQ mapping is never...

cPanel 注入漏洞

cPanel is a web-based automated hosting platform developed by cPanel Inc. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability known as “injection attack,” which stems from improper cleaning of the status query parameters in the...

F5 BIG-IP 资源管理错误漏洞

F5 BIG-IP is an application delivery platform developed by F5 Networks in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a resource management vulnerability in F5 BIG-IP. This vulnerability arises when P...

ALSA-2026:16692 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

Nitro 输入验证错误漏洞

Nitro is an open-source, zero-configurable production-level server extension tool developed by Nitro. Versions prior to Nitro 3.0.260429-beta contained a vulnerability related to input validation errors. This vulnerability allowed attackers to convert wildcarded redirect rules into cross-host...

PT-2026-40603

Name of the Vulnerable Software and Affected Versions Crypt::Argon2 versions 0.017 through 0.030 Description A heap out-of-bounds read occurs in the argon2 verify function when processing empty encoded input. The auto-detect form of argon2 verify passes encoded len - 1 as the length argument to...

PT-2026-40687

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The acp3x 5682 init function fails to check the return value of clk get, which can lead to the dereferencing of error pointers within the rt5682 clk enable function. Recommendations Upda...

PT-2026-40689

In the Linux kernel, the following vulnerability has been resolved: sched ext: Disable preemption between scx claim exit and kicking helper work scx claim exit atomically sets exit kind, which prevents scx error from triggering further error handling. After claiming exit, the caller must kick the...

RHEL 9 : freerdp (RHSA-2026:16485)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16485 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

PT-2026-40696

In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo file: remember retrieve status LUO keeps track of successful retrieve attempts on a LUO file. It does so to avoid multiple retrievals of the same file. Multiple retrievals cause problems because once the file is...

PT-2026-40695

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the xHCI controller where a Host Controller Error HCE occurs during UAS Storage Device plug/unplug scenarios on Android devices. The xhci irq function checks for HCE,...

Linux Distros Unpatched Vulnerability : CVE-2026-43388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whethe...