CLSA-2026-1778082886 libssh: Fix of CVE-2026-0966

CVE-2026-0966: avoid 1-byte heap buffer underflow in sshgethexa on NULL/zero-length input...

EUVD-2026-27832

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

CVE-2026-8028

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...

BIT-JAVA-2024-55549

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...

BIT-JAVA-MIN-2024-47544 GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling

GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

CVE-2026-8028

FlowiseAI Flowise Endpoint vulnerability CVE-2026-8028 affects the verify function in packages/server/src/enterprise/services/account.service.ts (Endpoint component). A manipulation can cause information disclosure with remote exploitation possible. The exploit complexity is high, and current rep...

EUVD-2026-27704

In the Linux kernel, the following vulnerability has been resolved: mfd: core: Add locking around 'mfdofnodelist' Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfdofnodelist' to prevent possible crashes...

EUVD-2025-209674

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driveroverrideshow and use core helper The driveroverrideshow function reads the driveroverride string without holding the devicelock. However, the store function modifies and frees the string while holdi...

EUVD-2025-209681

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

CVE-2026-8026 FlowiseAI Flowise API Response account.service.ts login information disclosure

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

CVE-2026-8026

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

CVE-2026-43160

In the Linux kernel, the following vulnerability has been resolved: mfd: macsmc: Initialize mutex Initialize struct applesmc's mutex in applesmcprobe. Using the mutex uninitialized surprisingly resulted only in occasional NULL pointer dereferences in applesmcread calls from the probe functions of...

CVE-2025-71290

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

CLSA-2026-1778068515 Fix CVE(s): CVE-2026-0966

SECURITY UPDATE: heap buffer underflow in sshgethexa on zero-length or NULL input, remotely reachable via GSSAPI authentication logging - debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in sshgethexa in src/dh.c - CVE-2026-0966: fix heap buffer underflow in sshgethexa...

CVE-2025-71290

CVE-2025-71290 concerns a memory leak in the Linux kernel’s misc: ti_fpc202 probe function. The root cause is not releasing a device node reference during iteration, leading to a leak. The remedy implemented is a code change that uses for_each_child_of_node_scoped() to ensure the node reference i...

CVE-2025-71290

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

CVE-2025-71290

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

CVE-2026-43269 drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomicdestroystate callback After several commits, the slab memory increases. Some drmcrtccommit objects are not freed. The atomicdestroystate callback only put the framebuffer. Use the...

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...