PT-2026-43628

Summary The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reports config permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

Google Chrome on Android 缓冲区错误漏洞

Google Chrome on Android is a web browser in the Android operating system developed by Google Inc. Versions prior to 148.0.7778.216 of Google Chrome on Android had a buffer error vulnerability. This vulnerability stemmed from out-of-bounds reading in the WebGL component, which could allow remote...

PT-2026-43730

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dw i3c master i2c xfers function. The function allocates memory for the xfer structure via dw i3c master alloc xfer, but if the pm runtime resume and get...

PT-2026-43739

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the pqi report phys luns function. The issue arises when the function encounters an unsupported data format or when the allocation for the rpl 16byte wwid list...

PT-2026-43742

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak occurs in the mfd: arizona component when the wm5102 clear write sequencer function returns an error. The function returns immediately, bypassing the cleanup sequence and...

PT-2026-43817

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the starfive aes aead do one req function. The function allocates rctx-adata using kzalloc, but fails to release this memory if the sg copy to buffer or starfive...

Linux Distros Unpatched Vulnerability : CVE-2026-46040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a type error in the parameters of the bpfxdpstorebytes function. This error allows the verifier to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of error handling in the rxgxkextracttoken function. When rxgxkdecryptskb returns -ENOME...

PT-2026-43743

In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in arch set shadow stack status alloc gcs returns an error-encoded pointer on failure, which comes from do mmap, not NULL. The current NULL check fails to detect errors, which could lead to using an...

PT-2026-43806

In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in ni usb init In ni usb init, if ni usb setup init fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, ni usb setup init returns 0 on...

Unzip 安全漏洞

Unzip is a Golang.zip decompression tool developed by Yige’s developers. Versions of Unzip prior to 2.215 contained security vulnerabilities. These vulnerabilities stemmed from failing to catch exceptions when parsing zip headers with incorrect DOS date formats. As a result, an exception was thro...

Synology ActiveProtect Agent 访问控制错误漏洞

Synology ActiveProtect Agent is a terminal data backup and recovery agent provided by the Chinese company Synology. Versions of Synology ActiveProtect Agent prior to 1.1.0-0439 contained a access control vulnerability caused by a source validation error. This vulnerability could allow local users...

Linux Distros Unpatched Vulnerability : CVE-2026-46053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ext4 file system. When the file system is shut down, the dirtyclusters counter is decremented...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from discontinuous gaps during block allocation in btrfs. This issue causes an EEXIST error in the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an XDR decoding error path in the SURNPROC authgss module. This error path fails to release the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the caiaq driver’s setupcard function not properly handling error conditions, potentially leading...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the pt5161lreadblockdata function in pt5161l, including buffer overflows and improper...

PT-2026-43691

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie destroy context is invoked during error handling in aie2 create context. However, aie destroy context assumes that the context's mailbox channel pointer...