38 matches found

Positive Technologies
added 2026/05/13 12:0 a.m. | 8 views

PT-2026-40650

Name of the Vulnerable Software and Affected Versions: BIG-IP Virtual Edition (VE) (affected versions not specified); BIG-IP hardware platforms (affected versions not specified). Description: Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when an SSL profile is configured...

CVSS 8.7 | AI score 5.8 | EPSS 0.00098
Exploits: 0 | References: 4
EUVD
added 2026/05/07 2:58 a.m. | 3 views

EUVD-2026-28265

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type (HTML encoding), allowing path traversal characters (../) to pass through unfiltered. Combined with the absence of CSRF...

CVSS 4.5 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/01 12:0 a.m. | 0 views

PT-2026-36386

In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash. The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses...

AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 9
OSV
added 2026/04/05 3:1 a.m. | 2 views

SUSE-SU-2026:20997-1 Security update for cockpit-repos

This update for cockpit-repos fixes the following issue: CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637)...

CVSS 8.7 | AI score 6.7 | EPSS 0.00026
Exploits: 1 | References: 3
OSV
added 2026/02/04 10:15 p.m. | 0 views

UBUNTU-CVE-2026-25537

jsonwebtoken is a JWT lib in Rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type (like a String instead of a Number), the library’s...

CVSS 7.5 | AI score 5.8 | EPSS 0.0004
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/04 9:31 p.m. | 4 views

CVE-2026-25537

jsonwebtoken is a JWT lib in Rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type (like a String instead of a Number), the library’s...

CVSS 6.9 | AI score 5.4 | EPSS 0.0004
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-6431

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type (like a String instead of a Number), the library’s internal parsing mechanism...

CVSS 6.9 | AI score 5.7 | EPSS 0.0004
Exploits: 1 | References: 5
Tenable Nessus
added 2025/12/31 12:0 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993020)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993020 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate(). cpufreq_cpu_get_raw() can return NULL when the...

CVSS 5.5 | AI score 6.2 | EPSS 0.00066
Exploits: 0 | References: 4
RedHat Linux
added 2025/12/17 7:48 a.m. | 0 views

kernel: ethtool: check device is present when getting link settings

A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash...

CVSS 4.7 | AI score 7.1 | EPSS 0.00012
Exploits: 0 | References: 5
OSV
added 2025/12/09 4:17 p.m. | 0 views

UBUNTU-CVE-2023-53847

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alauda_check_media(). Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0...

AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 11
RedHat Linux
added 2025/11/25 12:47 a.m. | 1 views

kernel: ethtool: check device is present when getting link settings

A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash...

CVSS 4.7 | AI score 7.1 | EPSS 0.00012
Exploits: 0 | References: 5
RedHat Linux
added 2025/11/06 9:16 a.m. | 2 views

kernel: ethtool: check device is present when getting link settings

A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash...

CVSS 4.7 | AI score 6.8 | EPSS 0.00012
Exploits: 0 | References: 5
Positive Technologies
added 2025/06/12 12:0 a.m. | 2 views

PT-2025-49373

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s handling of page faults within secret memory files created using memfd_secret(2). Concurrent page faults in the same page by multiple tasks can lead to ...

CVSS 4.6 | AI score 6.2 | EPSS 0.00076
Exploits: 0
OSV
added 2025/05/08 7:15 a.m. | 0 views

UBUNTU-CVE-2025-37829

In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate(). cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer...

CVSS 5.5 | AI score 6.2 | EPSS 0.00066
Exploits: 0 | References: 32
Tenable Nessus
added 2025/03/06 12:0 a.m. | 32 views

Linux Distros Unpatched Vulnerability : CVE-2025-21654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias. Dmitry Safonov reported that a WARN_ON...

CVSS 5.5 | AI score 6.1 | EPSS 0.0001
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-5595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV. (CVE-2023-5595) Note that Nessus relies on the presence of the package as reported by the...

CVSS 5.5 | AI score 5.5 | EPSS 0.00032
Exploits: 1 | References: 3
CVE
added 2024/11/05 5:10 p.m. | 127 views

CVE-2024-50132

Technical details for CVE-2024-50132 are not publicly available in the provided documents. Monitor for updates.

CVSS 5.5 | AI score 4.9 | EPSS 0.00051
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2024/11/05 1:22 a.m. | 3 views

kernel: ethtool: check device is present when getting link settings

A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash...

CVSS 4.7 | AI score 6.7 | EPSS 0.00012
Exploits: 0 | References: 5
NVD
added 2024/10/21 12:15 p.m. | 14 views

CVE-2024-47687

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy. Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which never got initialized in the first place. This patch adds the missing check in mlx5_vdpa_destroy_mr_resources() ...

CVSS 5.5 | EPSS 0.00016
Exploits: 0 | References: 3
RedHat Linux
added 2024/10/15 12:42 a.m. | 4 views

kernel: ethtool: check device is present when getting link settings

A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash...

CVSS 4.7 | AI score 6.7 | EPSS 0.00012
Exploits: 0 | References: 5