PT-2026-44231

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the ipmi:si component where the driver fails to return to a normal state when message allocation fails,...

PT-2026-44232

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel within the ULPI UTMI Low Pin Interface driver. When the ulpi of register or ulpi read id functions fail before device register is called, the...

PT-2026-44351

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the spi: ch341 driver where device managed resources were tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are...

PT-2026-44542

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the state machine’s operation is not canceled after unbinding in the spi...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with on-chip select control in the spi microchip-core-qspi component. This vulnerability...

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input handling. This vulnerability may allow users with write permissions for Elasticsearch indexes to persistently store...

PT-2026-44664

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 148.0.7778.216 Description A use after free issue allows a remote attacker to execute arbitrary code via a crafted HTML page. This exploitation requires the attacker to convince a user to perform specific...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2026-45969

A flaw was found in the Linux kernel's Human Interface Device HID PlayStation driver. The psgamepadcreate function does not verify the return value of inputffcreatememless. This missing check can lead to incorrect behavior or potential system crashes when Force Feedback FF effects are activated...

CVE-2026-21785

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

CVE-2026-21785

CVE-2026-21785 relates to a misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions ≤ 10.1.0.0442). The CSP failures occur because directives are defined without fallbacks, enabling attackers to bypass intended security restrictions and load unauthorized re...

CVE-2026-21785 HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

CVE-2025-68709

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

CVE-2026-9478

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performe...

CVE-2026-9406

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

CVE-2025-36126

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...

CVE-2026-9385

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be...

CVE-2026-8360

CVE-2026-8360 affects the Triofox server components using WOSCommonUtil.dll, specifically the function WOSSysInfoGetDeviceInterface() called by DLLs such as WOSProfileMgrModule.dll and WOSWebDavModule.dll . The vulnerability arises when these calls can return a NULL pointer (e.g., when no user is...

CVE-2026-8360 Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...