21 matches found
Chromium: CVE-2026-8561 Incorrect security UI in Fullscreen
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the serial CAIF component not properly holding the tty-link reference during operations like...
CVE-2026-7991
Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
Important: docker
Issue Overview: Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007420)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007420 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: imm: Fix use-after-free bug caused by unfinished delayed work The delayed work item 'immtq'...
kernel security update
3.10.0-1160.119.1.0.15 - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del CVE-2022-3640 Orabug: 38742878 - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put Orabug: 38742878 - Bluetooth: L2CAP: Fix user-after-free CVE-2022-50386 Orabug: 38742878 - wifi: brcmfmac: fix use-after-free...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001612)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001612 advisory. The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service...
SUSE-SU-2025:4201-1 Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.10.44 fixes various security issues. The following security issues were fixed: - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface bsc1248672. - CVE-2025-38616: tls: handle data disappearing fro...
CVE-2025-12246
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...
EUVD-2025-29034
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-39836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setup_mm_hdr is later on passed to tee_shm_register_kernel_buf. The latter...
Linux Distros Unpatched Vulnerability : CVE-2023-52493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the...
Linux Distros Unpatched Vulnerability : CVE-2022-39394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the...
UBUNTU-CVE-2025-38113
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used With nosmp in cmdline, other CPUs are not brought up, leaving their cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu dereferences these NULL pointers, causing...
CVE-2022-49298
CVE-2022-49298 : Linux kernel staging rtl8712 driver fix for uninitialized mac[6] in r871xu_drv_init() after tmpU1b from r8712_read8(padapter, EE_9346CR) == 0. KMSAN reported uninit-value in that function and call chain (usb_intf.c:541; usb_probe_interface; device probing). Concrete details are p...
PT-2024-28723 · Unknown · Red Discord Bot
Name of the Vulnerable Software and Affected Versions: Red-DiscordBot versions prior to 3.5.10 Description: A bug in Red's Core API may authorize a user to run a command even when that user doesn't have permissions to manage a channel. This issue affects 3rd-party cogs using the @commands.can...
SUSE CVE-2015-5190
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL...
SUSE CVE-2008-0599
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI...
PT-2022-21200
Name of the Vulnerable Software and Affected Versions Grafana version 8.4.3 Description The issue allows unauthenticated access via a "/dashboard/snapshot/?orgId=0" URI. The vendor considers this a UI bug, not a vulnerability. Recommendations For Grafana version 8.4.3, consider restricting access...
GHSA-4MRX-6FXM-8JPG Buffer Overflow in vyper
Impact Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Patches 0.3.2 as of https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b Workarounds Use .vy...