Electerm 参数注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier have a parameter injection vulnerability. This vulnerability arises from the fact that the terminal hyperlink processor does not validate URLs with respect to protocols. Thi...

PT-2026-39110

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-out-of-bounds issue exists in the nvme-pci component. The problem occurs in the nvme dbbuf set function due to an incorrect loop condition. The dev-online queues variable tracks t...

CVE-2023-42346

Alkacon OpenCms before 16 allows XXE when the refers to an external host...

PT-2026-39076

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the ufshcd wl suspend function. The cancel delayed work sync call is positioned after ufshcd vops suspend, allowing ufshcd rtc work to run while ufshcd vops...

PT-2026-39058

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the samsung dsim host attach function. When drm bridge add is called to add the bridge, a failure in samsung dsim register te irq or pdata-host ops-attach causes...

Linux Distros Unpatched Vulnerability : CVE-2026-41506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentia...

Linux Distros Unpatched Vulnerability : CVE-2026-43289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object...

CVE-2023-42346

CVE-2023-42346 affects Alkacon OpenCms before version 16, where an external-hosted DOCTYPE can trigger a server-side XML External Entity (XXE) vulnerability. The root cause is improper handling of external entities in XML processing, leading to potential exposure of confidential data (CVSS 3.1 ba...

Linux Distros Unpatched Vulnerability : CVE-2026-43471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer...

Linux Distros Unpatched Vulnerability : CVE-2026-43396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly...

zrok 路径遍历漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the WebDAV driver’s backend, which restricted path traversal through lexical normalization but did not prevent symbolic links fro...

PT-2026-39014

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the HCI DMA dequeue path within the hci dma dequeue xfer function. This function, which is not serialized, can be invoked for multiple transfers that timeout...

PT-2026-39191

Name of the Vulnerable Software and Affected Versions VM2 affected versions not specified Description A sandbox breakout allows attackers to execute arbitrary commands on the host system. The issue occurs because the neutralizeArraySpeciesBatch function interacts with objects from an external...

Linux Distros Unpatched Vulnerability : CVE-2025-71302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 dma-fence: Add safe access helpers and document the rules details the dma-fence safe acces...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the USB Legacy NCM driver, which delays the allocation of netdevice in gncmbind, and fail...

PT-2026-39093

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the xhci disable slot function. The xhci alloc command function allocates a command structure and, in certain cases, a completion structure. The error handling pa...

Linux Distros Unpatched Vulnerability : CVE-2026-43409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe...

Linux Distros Unpatched Vulnerability : CVE-2026-43452

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i +...

Linux Distros Unpatched Vulnerability : CVE-2026-43296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit...

CVE-2026-8034

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...