SUSE CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
SUSE CVE-2026-53306
In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...
EUVD-2026-39968
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...
CVE-2026-8095
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...
gcc-toolset-12-binutils security update
An update is available for gcc-toolset-12-binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The binutils packages provide a collection of binary utilitie...
RLSA-2023:2873 Moderate: gcc-toolset-12-binutils security update
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: NULL pointer...
Linux Distros Unpatched Vulnerability : CVE-2026-13035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral...
Linux Distros Unpatched Vulnerability : CVE-2026-13031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-53156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call nvmemdeviceput - which may end up freeing the underlyi...
Linux Distros Unpatched Vulnerability : CVE-2026-53142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using...
PT-2026-53222
Name of the Vulnerable Software and Affected Versions: D-Link DCS-935L version 1.10.01. Description: An OS command injection flaw exists in the POST Parameter Handler component. The issue occurs within the sub 400E40 function of the setconf.cgi file. A remote attacker can exploit this by manipulatin...
PT-2026-53077
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm dir path parameter sanitization in the wpfm file meta update AJAX handler, where supplying WPFM DIR...
PT-2026-53089
Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a...
Linux Distros Unpatched Vulnerability : CVE-2026-53279
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/gma500/oaktraillvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2cgetadapter and tries to read the EDID before falling back ...
Linux Distros Unpatched Vulnerability : CVE-2026-52996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open ksmbdlookupfdcguid returns a ksmbdfile with its refcount incremented via ksmbdfpget...
Linux Distros Unpatched Vulnerability : CVE-2026-53231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was...
Linux Distros Unpatched Vulnerability : CVE-2026-53170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal...
Linux Distros Unpatched Vulnerability : CVE-2026-52987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: avoid double drmexecfini in userq validate When newaddition is true, amdgpuuserqvmvalidate calls drmexecfini&exec before iterating over the collecte...
Linux Distros Unpatched Vulnerability : CVE-2026-29509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12,...
PT-2026-53115
A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...