332 matches found
kernel: Linux kernel: Use-after-free in IPv6 address deletion may lead to a denial of service
A flaw was found in the Linux kernel. An issue exists in the inet6_addr_del function, where a use-after-free vulnerability can be triggered due to an incorrect order of operations when deleting IPv6 temporary addresses. A local attacker with low privileges could exploit this flaw to potentially cau...
Mattermost fails to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation, which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals, e.g., ::ffff:127.0.0.1. Mattermost...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-005502)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005502 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ipv4:...
OpenClaw Server-Side Request Forgery Vulnerability
OpenClaw is an open-source AI assistant. OpenClaw suffers from a server-side request forgery vulnerability. The vulnerability stems from the fact that SSRF protection can be bypassed using a full-form IPv4-mapped IPv6 literal, which can be exploited by an attacke...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Craft CMS Code Issue Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.5.0-RC1 to 4.16.18, and from 5.0.0-RC1 to 5.8.22 of Craft CMS. These vulnerabilities stem from a GraphQL Asset mutation where the SSRF validation only parses IPv4 addresses,...
Exploit for CVE-2026-26988
LibreNMS SQL Injection Vulnerability
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 have a SQL injection vulnerability. This vulnerabilit...
PT-2026-20903
Name of the Vulnerable Software and Affected Versions: LibreNMS versions 25.12.0 and below. Description: LibreNMS is a network monitoring tool. The application does not properly sanitize user input when processing IPv6 address searches in the ajax_table.php endpoint. The address parameter is split...
CVE-2026-23124 ipv6: annotate data-race in ndisc_router_discovery()
In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndisc_router_discovery(). syzbot found that ndisc_router_discovery() could read and write in6_dev->ra_mtu without holding a lock [1]. This looks fine, IFLA_INET6_RA_MTU is best effort. Add READ_ONCE()/WRITE_ONCE() to document...
SUSE-SU-2026:0495-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock...
SUSE-SU-2026:0475-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594). - CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock (bsc#1245723)...
CVE-2026-24398
CVE-2026-24398 — Hono IPv4 address validation bypass: Prior to 4.11.7, IP Restriction Middleware fails to validate IPv4 octets in the src/utils/ipaddr.ts code paths, due to a permissive IPv4_REGEX and an unsafe convertIPv4ToBinary function. This allows crafting malformed IPs that can bypass IP-b...
CVE-2026-23004 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list(). syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1]. Crash happens in list_del_init()/INIT_LIST_HEAD() while writing list->prev, while the prior...
SUSE-SU-2026:0278-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). -...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38147)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38147 advisory. - In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions fo...
SUSE-SU-2026:0176-1 Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.176 fixes various security issues. The following security issues were fixed: - CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 (bsc#1249242). - CVE-2022-50327: ACPI: processor: idle:...
Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise kernel 4.12.14-122.272 fixes various security issues. The following security issues were fixed: - CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 (bsc#1249242). - CVE-2022-50327: ACPI: processor: idle: Check...
MiracleLinux 3 : kernel-2.6.18-348.2.AXS3 (AXSA:2013-124:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-124:02 advisory. The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002352)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002352 advisory. The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data...