PT-2026-36389

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A state inconsistency occurs in the cdns3 USB driver when cdns3 gadget start fails. In this scenario, the Dual-Role Device DRD hardware remains in gadget mode while the software state is...

PT-2026-36435

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the hci le remote conn param req evt function, the hci conn lookup and field access are not properly protected by the hde...

PT-2026-36847

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.5 Description An insufficient fix in the sandbox implementation allows attackers to bypass security restrictions, enabling them to escape the VM2 sandbox and execute arbitrary commands on the host system. This is...

PT-2026-38395

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description Sandboxed code can call the Buffer.alloc function with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, the timeout option cannot...

libcurl 7.71.0 < 8.20.0 Cookie Leak via Stale Host Header

The version of libcurl installed on the remote host is 7.71.0 prior to 8.20.0. It is, therefore, affected by a cookie leak vulnerability: - When using the same connection handle for multiple HTTP requests, if a custom Host: header is removed in a subsequent request, the second request would use...

PT-2026-36407

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: fix stack buffer overflow in hci le big create sync hci le big create sync uses DEFINE FLEX to allocate a struct hci cp le big create sync on the stack with room for 0x11 17 BIS entries. However, conn-num bis...

PT-2026-36393

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free error exists in the usbtmc release function. This occurs because pending anchored URBs USB Request Blocks are not properly flushed or killed, which can lead to memory...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack buffer overflow in the Bluetooth HCI synchronization command, which could lead to memory corruption...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the hcileremoteconnparamreqevt function in Bluetooth hcievent not locking the hciconn, which could lead to...

PT-2026-36846

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description vm2 is an open source sandbox for Node.js that contains a sandbox breakout issue caused by incorrect code generation management. This allows attackers to bypass JavaScript sandbox isolation and execute...

Wireshark 2.0.x < 2.0.13 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.0.13. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.13 advisory. - In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed i...

PT-2026-36852

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.10.5 Description A critical sandbox escape exists in the vm2 library, which is used to run untrusted JavaScript code in Node.js applications. This issue allows an attacker to break out of the restricted environment and...

TOTOLINK NR1800X 缓冲区错误漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data service deployment for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a buffer error vulnerability. This...

PT-2026-36293

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A stack-based buffer overflow exists in the lighttpd component. This issue occurs when the find host ip function improperly handles the Host argument, allowing a remote attacker to...

Wireshark 2.0.x < 2.0.4 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.4 advisory. - epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the...

GHSA-RH99-WC69-C255 Contras Affected by CopyFile Policy Subversion via Symlinks

Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...

CVE-2026-41940

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

SUSE-SU-2026:21452-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

Exploit for CVE-2026-41940

SessionScribe - CVE-2026-41940 Detection, mitigation, and rev...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Red Hat JBoss Web Server 6.2.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...