CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

SUSE-SU-2026:21936-1 Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. - CVE-2026-23274:...

SUSE-SU-2026:21891-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. - CVE-2026-23274:...

SUSE-SU-2026:21939-1 Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. - CVE-2026-23274:...

SUSE CVE-2026-46174

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in the op cache and cause instruction corruption this way...

Linux Distros Unpatched Vulnerability : CVE-2026-46174

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in the op cache and cause instructi...

CVE-2026-46174

A flaw was found in the Linux kernel, specifically within the x86/CPU/AMD Zen2's op cache. This vulnerability arises from improper isolation of shared resources, which can lead to instruction corruption. The consequence of this flaw is that it may cause unexpected behavior or instability within t...

UBUNTU-CVE-2026-46174

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in the op cache and cause instruction corruption this way...

UBUNTU-CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

CVE-2026-46174

In CVE-2026-46174, the Linux kernel vulnerability affects x86/CPU/AMD Zen2 by allowing improper isolation of shared resources in the Zen2 op cache, potentially leading to instruction corruption. The issue has been resolved in the Linux kernel, with Debian and Root packaging advisories noting fixe...

CVE-2026-46174

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in the op cache and cause instruction corruption this way...

Security update for xen

This update for xen fixes the following issues CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant tabl...

PT-2026-44297

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in the op cache and cause instruction corruption this way...

Pterodactyl has a database resource limit bypass via race condition in Client API

Summary The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details Inside DatabaseController.php, the...

SUSE-SU-2026:2066-1 Security update for xen

This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558:...

Malicious code in vite-plugin-css-blend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a47fa75fbd028d1aca89ca790036f760c76d8e486175505ef4a8f59f33e7c76 The package is published as a Vite CSS plugin but exposes no Vite plugin API. Its documented applyGlobalStylespalette, accents export, when called on...

Arbitrary Command Injection

Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not...

UBUNTU-CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

EUVD-2026-31440

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...