CVE-2024-28765 Security vulnerability was found in IBM Security Directory Integrator

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

EUVD-2026-32468

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARNONONCE so that it can't be remotely trigger...

CVE-2026-46085

CVE-2026-46085 affects the Linux kernel rxrpc subsystem (rxkad crypto unalignment handling). The vulnerability arises from processing a packet with a misaligned crypto length and from handling non-ENOMEM decryption errors, with the WARN_ON_ONCE removal enabling remote triggering of issues. A remo...

CVE-2026-45870

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: authgss: fix memory leaks in XDR decoding error paths The gssxdecctx, gssxdecstatus, and gssxdecname functions allocate memory via gssxdecbuffer, which calls kmemdup. When a subsequent decode operation fails, these...

CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2026-1728)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1728 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a globa...

PT-2026-44077

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.98 Description OneUptime is an open-source monitoring and observability platform. The software uses the Node.js vm module as an isolation primitive. Because this API was not designed for isolation, it can be...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the recursive locking of the pcilockrescanremove lock during EEH event handling. This locking...

PT-2026-43995

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

Linux Distros Unpatched Vulnerability : CVE-2026-45912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting proces...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from race conditions that occur during the uninstallation process under LAG errors. This vulnerability...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper handling of unaligned encryption lengths during the processing of the rxkad protocol...

CVE-2026-46004

ALSA: caiaq: Handle probe errors properly...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the UAC2 rate parsing mechanism. After MAXNRRATES is reached, the entire parsing process continue...

PT-2026-43952

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARN ON ONCE so that it can't be remotely...

ALSA-2026:21381 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

JLSEC-2026-561

An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...

Snipe-IT 输入验证错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the unauthorized storage of HTTP Referer headers in session variables,...

ROS-20260524-73-0043

Vulnerability in mariadb related to security configuration errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

libheif 代码问题漏洞

Libheif is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Libheif prior to 1.21.2 have a code vulnerability that can be exploited through format-errors in HEIF sequence files. This vulnerability allows for out-of-bound reads,...