EUVD-2025-209969

In the Linux kernel, the following vulnerability has been resolved: drm/display/dpmst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if the delayeddestroywork ends up coming into play after a DP 2.1 monit...

CVE-2026-45952

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...

CVE-2026-45890

In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...

UBUNTU-CVE-2026-45890

In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...

UBUNTU-CVE-2026-46063

In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow...

UBUNTU-CVE-2026-45952

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...

CVE-2026-6052 IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables...

CVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() fails

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

CVE-2026-45952

The CVE-2026-45952 issue affects the Linux kernel fbnic driver. It concerns MTU changes when an XDP program is attached: increasing MTU beyond the hardware threshold can cause fragmentation across multiple buffers, and the driver will drop all multi-fragment frames for single-buffer XDP. This can...

CVE-2026-45890

The CVE-2026-45890 issue affects the Linux kernel Xen-netback. A Xen guest can set multi-queue-num-queues to 0; the connect() validation checks only the upper bound (requested_num_queues > xenvif_max_queues) and does not reject zero. This can reach vzalloc(array_size(0, sizeof(struct xenvif_qu...

CVE-2025-71305

In the Linux kernel, the following vulnerability has been resolved: drm/display/dpmst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if the delayeddestroywork ends up coming into play after a DP 2.1 monit...

Kali365 phishing kit bypasses MFA and steals Microsoft logins

When the Federal Bureau of Investigation FBI publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,” a phishing‑as‑a‑service PhaaS platform that helps even low‑skilled attackers hijack Microsoft 365...

CVE-2026-3348

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings Description, Title, and other fields in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake

Security teams need high-quality, labeled datasets to train threat hunters and incident responders, validate detection logic, and develop robust analytic models. EvidenceForge helps teams overcome the limitations of anonymized or stale public datasets, while avoiding the cost and complexity of...

CVE-2026-2288

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linktitle' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access...

Towards Cybersecurity SuperIntelligence (CSI): What'S the Best Harness for Cybersecurity?

What is the best harness for cybersecurity AI? Cybersecurity systems are converging on a single execution scaffold per agent, an iterative shell loop driven by a Large Language Model LLM. However, scaffolds are not interchangeable, rarely interoperable, and no single scaffold dominates across all...

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from variable instance fields being overwritten in the shared WebSocket processor instances, whi...

PT-2026-43688

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the DisplayPort Multi-Stream Transport MST component where releasing a timeslot can lead to an incorrect payload mask due to an overflow. This occurs if the delayed...

CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

UBUNTU-CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...