
102 matches found

Vulnrichment
added 2026/05/15 7:54 p.m., 2 views

CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

CVSS 8.1, AI score 5.8, EPSS 0.00033
Exploits 1, References 1

NVD
added 2026/04/15 1:16 p.m., 1 views

CVE-2026-4145

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges...

CVSS 8.5, EPSS 0.00012
Exploits 0, References 1

ATTACKERKB
added 2026/03/07 3:32 p.m., 0 views

CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

CVSS 8.2, AI score 5.7, EPSS 0.00009
Exploits 2, References 3, Affected Software 1

Positive Technologies
added 2026/01/19 12:0 a.m., 3 views

PT-2026-3445

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the process using Quicly. Commit...

CVSS 7.5, AI score 5.6, EPSS 0.00272
Exploits 0, References 3

CVE
added 2025/12/02 1:42 a.m., 6 views

CVE-2025-55129

CVE-2025-55129 affects Revive Adserver and concerns username handling in user registration/creation. The issue allows impersonation via visual homoglyphs and alternate techniques after the fix for CVE-2025-52672, based on multiple reports (e.g., homoglyphs, RTL overrides, Cyrillic homographs). Co...

CVSS 5.4, AI score 5.7, EPSS 0.00025
Exploits 1, References 1, Affected Software 1

CVE
added 2025/10/07 3:19 p.m., 8 views

CVE-2023-53648

The CVE CVE-2023-53648 fixes a NULL pointer dereference in ALSA: ac97 in snd_ac97_mixer() within the Linux kernel. The issue occurred because rac97 could be NULL; the patch removes a redundant assignment and returns an error if rac97 is NULL. The documented impact is a local denial of service due...

CVSS 5.5, AI score 6.1, EPSS 0.00016
Exploits 0, References 9, Affected Software 1

Cvelist
added 2025/06/18 11:3 a.m., 7 views

CVE-2022-50151 usb: cdns3: fix random warning message when driver load

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix random warning message when driver load. Warning log: 4.141392 Unexpected gfp: 0x4 GFP_DMA32. Fixing up to gfp: 0xa20 GFP_ATOMIC. Fix your code! 4.150340 CPU: 1 PID: 175 Comm: 1-0050 Not tainted...

EPSS 0.00052
Exploits 0, References 3

Cvelist
added 2025/06/18 9:28 a.m., 6 views

CVE-2025-38018 net/tls: fix kernel panic when alloc_page failed

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed. We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset...

EPSS 0.0009
Exploits 0, References 5

Rockylinux
added 2025/05/07 7:11 p.m., 5 views

autofs bug fix update

An update is available for autofs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The autofs utility controls the operation of the automount daemon. The daemon...

AI score 7.3
Exploits 0

CVE
added 2025/05/02 3:55 p.m., 96 views

CVE-2023-53101

CVE-2023-53101 affects the Linux kernel ext4 bootloader inode handling. The issue arises when EXT4_IOC_SWAP_BOOT initializes an inode with a non-zero i_size, causing i_disksize to remain non-zero and creating an i_size vs i_disksize inconsistency that can trigger a kernel warning (as shown in the...

CVSS 5.5, AI score 6.5, EPSS 0.00066
Exploits 0, References 8, Affected Software 1

NVD
added 2025/05/01 3:16 p.m., 4 views

CVE-2022-49819

In the Linux kernel, the following vulnerability has been resolved: octeon_ep: fix potential memory leak in octep_device_setup(). When unsupported_dev and mbox init errors occur, it did not free oct->conf and iounmap oct->mmio[i].hw_addr. That would trigger a memory leak problem. Add kfree for oct->conf and...

CVSS 5.5, EPSS 0.00074
Exploits 0, References 2

CVE
added 2025/05/01 2:10 p.m., 67 views

CVE-2022-49914

CVE-2022-49914 involves the Linux kernel btrfs backref walk leak in resolve_indirect_refs(). When an error occurs, code previously freed the parents list with ulist_free(), but attached inode lists via the aux field were not freed, causing a leak. The fix replaces ulist_free() with free_leaf_list...

CVSS 5.5, AI score 6.4, EPSS 0.0005
Exploits 0, References 7, Affected Software 1

Cvelist
added 2025/04/01 3:40 p.m., 9 views

CVE-2025-21914 slimbus: messaging: Free transaction ID in delayed interrupt scenario

In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario. In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the transaction ID (TID) is not freed. This results into invalid memory acces...

EPSS 0.00008
Exploits 0, References 8

CVE
added 2025/02/26 2:24 a.m., 57 views

CVE-2022-49692

The CVE-2022-49692 issue is a Linux kernel fix for the at803x PHY NULL pointer dereference on AR9331 PHY. The vulnerability manifested as kernel paging fault during PHY interrupt handling, traced to AR9331 switch/MDIO initialization and phylink/dsa probe paths. The remedy is in the latest kernel ...

CVSS 5.5, AI score 5.3, EPSS 0.00038
Exploits 0, References 2, Affected Software 1

OSV
added 2025/02/26 2:12 a.m., 6 views

CVE-2022-49445 pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()

In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources(). It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoi...

CVSS 5.5, AI score 5.3, EPSS 0.00082
Exploits 0, References 8

OSV
added 2025/02/26 1:55 a.m., 8 views

CVE-2022-49131 ath11k: fix kernel panic during unload/load ath11k modules

In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules. Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the following kernel panic when unload/load ath11k modules for few iterations. 971.201365 Unable to handle kernel paging...

CVSS 5.5, AI score 5.1, EPSS 0.00024
Exploits 0, References 8

OpenVAS
added 2025/01/09 12:0 a.m., 16 views

Debian: Security Advisory (DSA-5839-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.7, AI score 7.2, EPSS 0.02414
Exploits 0, References 2

CVE
added 2024/12/27 2:23 p.m., 77 views

CVE-2024-56555

CVE-2024-56555 affects the Linux kernel binder subsystem. A race in binder_add_freeze_work() can occur when the process’ rbtree (proc->nodes) lock is intermittently dropped to acquire node locks, allowing binder_deferred_release() to move nodes to binder_dead_nodes. This can corrupt the rb_nex...

CVSS 7.1, AI score 6.4, EPSS 0.00013
Exploits 0, References 2, Affected Software 1

OSV
added 2024/12/27 2:22 p.m., 7 views

CVE-2024-56550 s390/stacktrace: Use break instead of return statement

In the Linux kernel, the following vulnerability has been resolved: s390/stacktrace: Use break instead of return statement. arch_stack_walk_user_common() contains a return statement instead of a break statement in case store_ip() fails while trying to store a callchain entry of a user space process. This m...

CVSS 5.5, AI score 6.2, EPSS 0.00019
Exploits 0, References 5

Vulnrichment
added 2024/11/19 5:22 p.m., 5 views

CVE-2024-53068 firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier(). The scmi_dev->name is released prematurely in scmi_device_destroy(), which causes slab-use-after-free when accessing scmi_dev->name in scmi_bus_notifier(). So move the release of...

AI score 7.1, EPSS 0.00024
Exploits 0, References 3