CVE-2026-43137

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...

CVE-2025-71292

In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfsrename If nlink is maximal for a directory -1 and inside that directory you perform a rename for some child directory not moving from the parent, then the nlink of the first directory is first incremente...

CVE-2026-44983

creationtimestamp| type| source ---|---|--- 2026-05-06 11:59:16+00:00| published-proof-of-concept| https://github.com/servo/smallbitvec/security/advisories/GHSA-97wc-2hqc-cjgr 2026-05-27 01:01:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmsco5lniw2k...

CVE-2025-71292

Summary (CVE-2025-71292): The Linux kernel JFS component has a vulnerability where, if a directory’s link count (nlink) is at its maximum and a rename operation affects a child directory, the nlink can wrap from -1 to 0, triggering an erroneous drop_nlink warning. Multiple sources indicate this h...

CVE-2025-71292

In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfsrename If nlink is maximal for a directory -1 and inside that directory you perform a rename for some child directory not moving from the parent, then the nlink of the first directory is first incremente...

CVE-2026-43243

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add signal type check for dcn401 getphyd32clksrc Trying to access link enc on a dpia link will cause a crash otherwise...

CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add signal type check for dcn401 getphyd32clksrc Trying to access link enc on a dpia link will cause a crash otherwise...

CVE-2026-43243

CVE-2026-43243 affects the Linux kernel drm/amd/display subsystem, specifically the dcn401 get_phyd32clk_src path, where missing signal type checks can cause a crash when accessing a DP link on DPIA. Connected OSV entries show Root and Debian/Ubuntu patches applied to rootio-linux (Ubuntu 22.04/2...

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode PCIe endpoints with ATS enabled and passed through to userspace e.g., QEMU, DPDK can hard-lock the host when their link drops, either by surprise...

CVE-2026-43134

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAPLECONNREQ This adds a check for encryption key size upon receiving L2CAPLECONNREQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAPCRLEBADKEYSIZE...

Cross-site Scripting (XSS)

Overview org.apache.wicket:wicket-extensions is a rich component library for the Wicket framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper neutralization of JavaScript in PopupSettings.java‎, Link.java, and ExternalLink.java markup. An attacker ca...

Cross-site Scripting (XSS)

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

CVE-2026-7332

creationtimestamp| type| source ---|---|--- 2026-05-06 10:26:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml6ih6wfse2i 2026-05-08 21:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mleombezzn2h...

CVE-2026-41288

creationtimestamp| type| source ---|---|--- 2026-05-06 10:24:20+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/watchguard-security-advisory-av26-428 2026-05-06 17:38:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml7ak7bskn2c 2026-05-07 02:36:02+00:00| seen|...

CVE-2026-6672

creationtimestamp| type| source ---|---|--- 2026-05-06 10:21:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml6i676cax2p 2026-05-09 02:33:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlf7epospu2h...

CVE-2026-7841

creationtimestamp| type| source ---|---|--- 2026-05-06 09:57:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml6gseenn52p 2026-05-06 10:07:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml6hel52bm2k 2026-05-06 18:59:50+00:00| seen|...

CVE-2026-2306

creationtimestamp| type| source ---|---|--- 2026-05-06 09:52:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml6giu44bd2h 2026-05-08 20:33:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mlelayhfyr2u...

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool RAT and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno plugin, this was...

CVE-2026-7573

creationtimestamp| type| source ---|---|--- 2026-05-06 05:23:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ml5xioq7lt2n...

CVE-2026-41429

creationtimestamp| type| source ---|---|--- 2026-05-06 04:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3ml5ta25iz32p 2026-05-08 11:02:15+00:00| seen| https://bsky.app/profile/keiwork35.bsky.social/post/3mldle5h5if2b...