EUVD-2026-39293

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

CVE-2026-53202

The CVE-2026-53202 entry details a Linux kernel issue in accel/ivpu related to a signed integer truncation during IPC receive. Firmware-supplied data_size could be cast to a signed int, causing large unsigned values (>= 0x80000000) to become negative, which leads to unsigned wraparound and pot...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the return result of sbminblocksize Syzkaller reports a bug named “UBSAN: out-of-bounds access in squashfsbioread”. Syzkaller forks multiple processes. After mounting the Squashfs filesystem, it issues an...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed undefined behavior in the interpreter’s sdiv/smod operations for INTMIN. The BPF interpreter’s signed 32-bit division and modulo operations use the kernel’s abs macro for s32 operands. The documentation for the abs mac...

CVE-2026-12136 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

CVE-2026-39437

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

EUVD-2026-37044

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

CVE-2026-39437

The CVE-2026-39437 issue affects the WordPress plugin “Min Max Step Quantity Limits Manager for WooCommerce” (versions ≤ 5.2.2). The vulnerability is an unauthenticated Cross Site Scripting (XSS), described as reflected in Patchstack and corroborated by NVD/CVE listings. The root cause is an inpu...

EUVD-2026-37039

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

Linux Distros Unpatched Vulnerability : CVE-2026-52905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 mm/damon: add damonctx-minszregion introduced a bug that allows unaligned...

CVE-2026-52905

A flaw was found in the Linux kernel's Data Access MONitor DAMON core. The damonstart function, when used via the DAMON sysfs interface, failed to properly validate the minregionsz parameter. This allowed non-power of two values, which could lead to unaligned DAMON region address ranges and...

CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

UBUNTU-CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

EUVD-2026-35434

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

CVE-2026-52905

The provided CVE-2026-52905 details a Linux kernel DAMON subsystem issue in mm/damon/core where a bug from damon_ctx-&gt;min_sz_region allowed damon_start() to emit non-power-of-two min_region_sz, despite an earlier fix for damon_commit_ctx(). The connected documents state that the path is now pr...

CVE-2026-52905 mm/damon/core: disallow non-power of two min_region_sz on damon_start()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

PT-2026-47791

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the DAMON Data Access MONitor subsystem allows the use of unaligned region address ranges. This occurs because the sysfs interface can emit a min region sz value that is not a...

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...