19534 matches found
CVE-2026-43261
In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...
CVE-2026-43237
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 Checker & Mitigator A simple, safe vulnerabili...
PT-2026-37601
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The TSV110 processor is susceptible to the Spectre-BHB Branch History Buffer attack. This issue allows for the leakage of information via branch prediction side channels, which are...
Linux Distros Unpatched Vulnerability : CVE-2026-43261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited ...
JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)
Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...
Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
CVE-2026-39852
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...
Important: kernel-livepatch-6.12.74-98.124
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place To mitigate this issue, we recommend that customers disable loading of the algifaead module by running the following commands: echo "install algifaead /bin/fals...
Internet of Things Security: A Survey on Common Attacks
The exponential growth of the Internet of Things IoT has integrated connected devices into various sectors like smart cities, digital health, and Industry 4.0, generating vast amounts of real-time data to support intelligent decision-making. However, this widespread adoption is fundamentally...
GHSA-RPFR-X88X-XWCW Pelican Web UI Affected by a Privilege Escalation Attack
Background On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...
Pelican Web UI Affected by a Privilege Escalation Attack
Background On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...
CVE-2026-42027
Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its...
firefox: thunderbird: Mitigation bypass in the File Handling component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the File Handling component...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
CVE-2026-6266
A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...
CVE-2026-6526
A flaw was found in Wireshark, a network protocol analyzer. By processing a specially crafted Real-Time Streaming Protocol RTSP packet, a remote attacker could cause the Wireshark application to crash, leading to a denial of service. This vulnerability affects the RTSP protocol dissector...
CVE-2026-6537
A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the ZigBee protocol dissector by crafting a malicious packet. This could lead to a crash of the Wireshark application, resulting in a denial of service DoS for the user. Mitigation To mitigate this issue, users can...
CVE-2026-6524
A flaw was found in Wireshark, a widely used network protocol analyzer. A remote attacker could exploit a vulnerability within the MySQL protocol dissector, the part of the software that interprets MySQL network communications. This could lead to a denial of service, causing the Wireshark...
CVE-2026-40974
A flaw was found in Spring Boot's Cassandra auto-configuration. This vulnerability allows an adjacent attacker to bypass hostname verification during SSL Secure Sockets Layer connection establishment to Cassandra. This could enable a man-in-the-middle attack, potentially leading to unauthorized...