Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the RX hash table extraction in afalg without limiting the receive buffer budget. This could lead to...

PT-2026-35150

A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-40164)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40164 advisory. - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, j...

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

CVE-2026-41244

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

EUVD-2026-25610

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

CVE-2026-41244 Mojic: Observable Timing Discrepancy in HMAC Verification

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

CVE-2026-41244 Mojic: Observable Timing Discrepancy in HMAC Verification

Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208,...

CVE-2026-41244

Affected software: Mojic CLI tool. Issue: CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 integrity seal during decryption, causing an observable timing discrepancy (CWE-208). Impact: potential attacker could bypass the file integrity check via a timing attack. Stat...

CLSA-2026-1777051545 zsh: Fix of 3 CVEs

CVE-2018-1071: check bounds when copying path in hashcmd - CVE-2018-7549: avoid crash copying empty hash table - CVE-2018-13259: fix shebang line truncation in zexecve...

CVE-2026-31575

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfillatomichugetlb, linearpageindex is used to calculate the page index for hugetlbfaultmutexhash. However, linearpageindex returns the index in PAGESIZE units, while...

DEBIAN-CVE-2026-31575

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfillatomichugetlb, linearpageindex is used to calculate the page index for hugetlbfaultmutexhash. However, linearpageindex returns the index in PAGESIZE units, while...

EUVD-2026-25468

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfillatomichugetlb, linearpageindex is used to calculate the page index for hugetlbfaultmutexhash. However, linearpageindex returns the index in PAGESIZE units, while...

CVE-2026-31575

The CVE-2026-31575 issue affects the Linux kernel mm/userfaultfd code, where hugetlb fault mutex hashing used linear_page_index() (PAGE_SIZE units) instead of huge-page units, causing different mutexes to be used for addresses within the same huge page. The mismatch can allow races between faulti...

CVE-2026-31575

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfillatomichugetlb, linearpageindex is used to calculate the page index for hugetlbfaultmutexhash. However, linearpageindex returns the index in PAGESIZE units, while...

CVE-2026-31546

The CVE-2026-31546 fix applies to the Linux kernel bonding driver: bond_debug_rlb_hash_show could dereference a NULL slave, leading to a kernel NULL pointer dereference and potential DoS. The mitigation is to add a NULL check and print "(none)" for entries with no assigned slave; other code paths...

EUVD-2026-25439

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bonddebugrlbhashshow rlbclearslave intentionally keeps RLB hash-table entries on the rxhashtblusedhead list with slave set to NULL when no replacement slave is available. However,...

CVE-2026-31546

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bonddebugrlbhashshow rlbclearslave intentionally keeps RLB hash-table entries on the rxhashtblusedhead list with slave set to NULL when no replacement slave is available. However,...

CVE-2026-33318

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

CVE-2026-33318

CVE-2026-33318 affects Actual, a local-first personal finance tool. Prior to version 26.4.0, any authenticated session could escalate to ADMIN on OpenID-migrated servers due to a three‑part chain: 1) missing authorization on POST /account/change-password allows overwriting the password hash; 2) a...