EUVD-2026-18647

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is initialized from...

CVE-2026-31399 nvdimm/bus: Fix potential use after free in asynchronous initialization

In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if deviceadd fails in ndasyncdeviceregister. Commit b6eae0f61db2 "libnvdimm: Hold reference on parent while...

CVE-2026-31399

CVE-2026-31399 concerns the Linux kernel, specifically a use-after-free in the nvme/nvdimm bus async initialization path. The issue arises if device_add() fails during nd_async_device_register(): the parent device reference could drop to 0 before the parent pointer is accessed, leading to use-aft...

CVE-2026-23425

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is initialized from...

CVE-2026-23425

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is initialized from...

CVE-2026-23425

CVE-2026-23425 (Linux kernel KVM arm64) — The issue stems from non-protected pKVM guests where the hypervisor copies only the KVM_ARCH_FLAG_ID_REGS_INITIALIZED flag from the host to the hypervisor during pkvm_init_features_from_host, while the actual id_regs data are not initialized. This can cau...

CVE-2026-23425 KVM: arm64: Fix ID register initialization for non-protected pKVM guests

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is initialized from...

CVE-2026-29139

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

PT-2026-30039

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in KVM for arm64 systems related to the initialization of ID registers for non-protected pKVM guests. The hypervisor incorrectly copies the KVM ARCH FL...

Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length

The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...

PT-2026-30225

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an initialization error in the ID register of unprotected pKVM clients, potentially leading to...

CVE-2026-23413

A flaw was found in the Linux kernel's clsact qdisc. This use-after-free vulnerability occurs due to an asymmetry in the initialization and destruction rollback process. When a replacement clsact qdisc instance fails during initialization, the destroy callback is triggered without properly...

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVE-2026-5420 Shinrays Games Goods Triple App cats.goods.sort.sorting.games jRwTX.java hard-coded key

A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. Performing a manipulation of the argument AESIV/AESPASSWORD results in use of hard-coded...

CVE-2026-5420

CVE-2026-5420 affects Shinrays Games Goods Triple App (up to 1.200), specifically the component cats.goods.sort.sorting.games and the file jRwTX.java. The issue arises from manipulating AES_IV/AES_PASSWORD, resulting in the use of a hard-coded cryptographic key. Local attack is required with high...

CVE-2026-23413

The CVE-2026-23413 entry concerns the Linux kernel: a use-after-free in the clsact qdisc during init/destroy rollback caused by asymmetrical initialization between ingress and egress sides. A failed replacement during clsact_init() (e.g., via tcf_block_get_ext()) could leave both ingress and egre...

CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

CVE-2026-29139

SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...

CVE-2026-29139

SEPPmail Secure Email Gateway (before 15.0.3) is affected. The issue arises from abuse of GINA account initialization to perform an account password reset, enabling an account takeover. The vulnerability affects the password reset/authentication flow and is documented in CVE-2026-29139 as a flaw ...