CVE-2025-71272

The CVE-2025-71272 entry concerns a Linux kernel resource-leak in most_register_interface(). When initialization fails before device registration, memory for the interface could be leaked. The fix initializes the device early with device_initialize(), calls put_device() on all error paths, and sw...

CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths

In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early before registering the device. In these cases, it returned an error code...

CVE-2026-43085

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: initialize nfgenmsg in NLMSGDONE terminator When batching multiple NFLOG messages inst-qlen 1, nfulnlsend appends an NLMSGDONE terminator with sizeofstruct nfgenmsg payload via nlmsgput, but never...

CVE-2026-43085

CVE-2026-43085: In the Linux kernel, nfnetlink_log did not initialize the nfgenmsg payload when emitting NLMSG_DONE terminators while batching multiple NFLOG messages, leaking four bytes of stale heap data to userspace. The issue is fixed by using nfnl_msg_put() to build the NLMSG_DONE terminator...

CVE-2026-43085 netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: initialize nfgenmsg in NLMSGDONE terminator When batching multiple NFLOG messages inst-qlen 1, nfulnlsend appends an NLMSGDONE terminator with sizeofstruct nfgenmsg payload via nlmsgput, but never...

SUSE CVE-2026-43049

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Presently, if the force feedback initialisation fails when probing the Logitech G920 Driving Force Racing Wheel for Xbox One, an error number wi...

SUSE CVE-2026-43055

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

PT-2026-37447

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the most register interface function. The function fails to correctly release resources when an error occurs before the device is registered, resulting in the...

PT-2026-38239

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description An insufficient environment variable denylist in the exec environment policy allows operator-supplied overrides of high-risk interpreter startup variables. Specifically, the variables VIMINIT,...

PT-2026-37471

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference occurs in the Linux kernel within the drm/amd/pm component. This issue is triggered during RAS Reliability, Availability, and Serviceability initialization whe...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hid-pl driver’s failure to handle initialization errors, potentially leading to null pointer...

Linux Distros Unpatched Vulnerability : CVE-2025-71272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - most: core: fix resource leak in mostregisterinterface error paths The function mostregisterinterface did not correctly release resources if it failed early...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the macsmc driver not initializing, potentially leading to null pointer dereferencing...

PT-2026-37500

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the macsmc multi-function device mfd where the mutex in struct apple smc is not initialized within the apple smc probe function. This lack of initialization can lead t...

CVE-2026-34458

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

CLSA-2026-1777950533 openssh: Fix of CVE-2026-3497

CVE-2026-3497: fix information disclosure / DoS in GSSAPI key exchange by initialising gssbuf, recvtok, msgtok to GSSCEMPTYBUFFER and replacing non-terminating sshpktdisconnect with sshpacketdisconnect in kexgssc.c / kexgsss.c...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from the improper initialization of Dawn, which could allow remote attackers to obtain sensitive information from the process...

Unsafe Reflection

Overview Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the ExtensionLoader class. An attacker can trigger the static initializer of any class present on the classpath by supplying a model...

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...