PT-2026-46013

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, current thread info is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

CVE-2026-9599

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVE-2026-9599

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

EUVD-2026-33894

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

PT-2026-45712

Name of the Vulnerable Software and Affected Versions Tectite Forms versions prior to 1.4 Description The Tectite Forms plugin for WordPress is subject to Cross-Site Request Forgery due to missing or incorrect nonce validation in the admin init function. A nonce is a unique token used to verify...

ASB-A-463980379

In pnginitreadtransformations of pngrtran.c, there is a possible way to cause a persistent denial of service due to a heap buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

RockyLinux 9 : libsndfile (RLSA-2026:19610)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19610 advisory. libsndfile: integer overflow in imareaderinit CVE-2026-37555 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...

libsndfile security update

An update is available for libsndfile. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libsndfile is a C library for reading and writing files containing sample...

SUSE CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

Linux Distros Unpatched Vulnerability : CVE-2026-46136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7921: fix a potential clc buffer length underflow The buflen is used to limit the iterations for retrieving the country power setting and may...

OpenSC 安全漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack and heap buffer overflow vulnerability in the dokeyvalue function located in src/pkcs15init/profile.c. Thi...

amazon-ecs-init-1.103.2-1.1 on GA media (moderate)

amazon-ecs-init-1.103.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10871-1 Rating: moderate Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-39821 SUSE : 9.1...

CVE-2026-41184

In Calico, the install-cni init container logs the rendered CNI configuration and, when the template uses the SERVICEACCOUNT_TOKEN placeholder (Canal/Flannel-Calico deployments), substitutes the live Kubernetes ServiceAccount bearer token for logging. This exposes the token to any authenticated u...

RLSA-2026:19610 Important: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer overflow in imareaderinit CVE-2026-37555 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

UBUNTU-CVE-2026-46221

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...

CVE-2026-46221

CVE-2026-46221 concerns the Linux kernel EDAC/versalnet component. The issue is a memory leak where the device name allocated with kzalloc() in init_one_mc() is assigned to dev->init_name, then never freed on the normal removal path. Since device_register() copies init_name and then sets dev-&...

EUVD-2026-32774

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem succeeds, the cleanup path jumps to 'unlock' without calling unpinhostvcp...

CVE-2026-46147

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem succeeds, the cleanup path jumps to 'unlock' without calling unpinhostvcp...

SUSE CVE-2026-45852

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxesrqfrominit In rxesrqfrominit, the queue pointer 'q' is assigned to 'srq-rq.queue' before copying the SRQ number to user space. If copytouser fails, the function calls rxequeuecleanup to free the...