SUSE-SU-2026:21637-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1263819...

GHSA-PJWX-R37V-7724 LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists

LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with allowedobjects="all". This does not enable arbitrary Python object deserialization, but it does allow...

LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists

LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with allowedobjects="all". This does not enable arbitrary Python object deserialization, but it does allow...

GHSA-9VG3-4RFJ-WGCM vm2 has Sandbox Breakout Through Null Proto Exception

Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details In handleException due to // SECURITY post-GHSA-mpf8 hardening: use from not ensureThis exceptions with a...

CVE-2026-43368

The CVE-2026-43368 entry concerns the Linux kernel DRM/i915 component (GEM shmem objects). A overflow can occur in the unsigned int .length field of a scatterlist when a scatterlists table for a GEM shmem object of 4 GB or more is built from folio-allocated pages, causing the total byte length of...

CVE-2025-71298 drm/tests: shmem: Hold reservation lock around madvise

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the object's madvide operation. The tests use drmgemshmemmadviselocked, which led to errors such as show...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper acquisition and release of the reservation locks for GEM objects before and after vm...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 and PraisonAIagents prior to 1.6.37 have security vulnerabilities. These vulnerabilities stem from unresolved tool name resolution issues, which may allow attackers to...

PT-2026-39105

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amdkfd component where the error handling path fails to unreserve the buffer object bo when a queue update fails. Recommendations At the moment, there is no...

PT-2026-39243

Name of the Vulnerable Software and Affected Versions Gitsign versions prior to 0.16.0 Description gitsign verify and gitsign verify-tag re-encode commit or tag objects using the EncodeWithoutSignature function from the go-git library before checking the signature, rather than verifying the raw g...

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

Improper Isolation or Compartmentalization

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the globalPromise.prototype.then onFulfilled wrapper in the Promise bridge. An...

CVE-2026-43268

A flaw was found in the HFS Plus hfsplus filesystem within the Linux kernel. This vulnerability occurs because the hfsplus filesystem incorrectly identifies certain special filesystem objects as regular files. This misclassification can lead to inconsistencies with how the operating system's...

PT-2026-38391

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox boundary violation allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the...

Mozilla Firefox和Mozilla Firefox ESR 资源管理错误漏洞

Mozilla Firefox and Mozilla Firefox ESR are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Both Mozilla Firefox and Mozilla Firefox ESR have a resource management...

NocoBase 2.0.27 - VM Sandbox Escape

Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: -u -P --cmd "id"...

CVE-2026-43162

A flaw was found in the Linux kernel's tegra-video driver. This vulnerability, a memory leak, occurs because certain error paths in the tegrachanneltryformat function fail to properly deallocate a state object. Over time, this can lead to increased memory consumption, potentially causing system...

Security update for openCryptoki

This update for openCryptoki fixes the following issues: CVE-2026-40253: updated fix by IBM for malformed BER-encoded cryptographic objects bsc1263819 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2026:1723-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: - CVE-2026-40253: updated fix by IBM for malformed BER-encoded cryptographic objects bsc1263819...