304 matches found
CVE-2026-43022 Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43022 Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43022
The CVE-2026-43022 issue affects the Linux kernel Bluetooth HCI synchronization path: hci_cmd_sync_queue_once() did not indicate when a queue item already existed, risking resource leaks. The fix changes hci_cmd_sync_queue_once() to return -EEXIST when a queue item already exists and requires upd...
CVE-2026-43022
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
EUVD-2026-26621
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-35341 uutils coreutils mkfifo Unauthorized Permission Change on Existing Files
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...
SUSE CVE-2026-40341
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptpunpackEOSFocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...
uutils coreutils 安全漏洞
uutils coreutils is a cross-platform core command-line tool set developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability stems from the mkfifo function, which allows unauthorized modification of existing file permissions. When mkfifo fails to create a FIFO du...
CVE-2026-40590 FreeScout's Customer AJAX Create Modifies Hidden Existing Customer
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...
CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...
ECHO-35D6-A603-460E
Bulletin has no description...
GHSA-99G3-W8GR-X37C PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`
| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...
CVE-2026-5370
A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the...
CVE-2026-5316
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...
BIT-DISCOURSE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint
Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents ToS, guidelines, privacy policy that they are explicitly prohibited from modifying. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No kno...
DEBIAN-CVE-2026-33413
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
PT-2026-28667
Name of the Vulnerable Software and Affected Versions Tenda AC5 version 15.03.06.47 Description A flaw exists in the Tenda AC5 version 15.03.06.47. This issue is located within the formSetCfm function of the /goform/setcfm file, part of the POST Request Handler component. Manipulation of the...
PT-2026-36439
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where the hci cmd sync queue once function fails to indicate whether a queue item was added. This prevents the caller from knowing if callbacks...
CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...
CVE-2024-46878
A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...