CVE-2026-43161
A flaw was found in the Linux kernel's Intel IOMMU (Input/Output Memory Management Unit) virtual technology for directed I/O (VT-d) subsystem. When a PCIe (Peripheral Component Interconnect Express) endpoint device, especially when passed through to userspace applications like QEMU or DPDK, unexpectedl...
CVE-2026-22682
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...
CVE-2026-23035
The CVE-2026-23035 entries describe a Linux kernel mlx5e issue where mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. The fix involves passing netdev to mlx5e_destroy_netdev() instead of priv and validating priv->profile in mlx5e_remove to avoid operating o...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002066)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002066 advisory. The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG...
SUSE CVE-2025-68303
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption. This passes the address of the pointer "&punit_ipcdev" when the intent was to pass the pointer itself "punit_ipcdev" (without the ampersand). This means that the:...
CVE-2023-53166
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25890: Fix external_power_changed race. bq25890_charger_external_power_changed() dereferences bq->charger, which gets set in bq25890_power_supply_init() like this: bq->charger = devm_power_supply_register(bq->dev, &bq->desc, &psy_cfg);...
Linux Distros Unpatched Vulnerability : CVE-2022-42334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to...
CVE-2025-38662 ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv. Given mt8365_dai_set_priv allocate priv_size space to copy priv_data which means we should pass mt8365_i2s_priv[i] or "struct mtk_afe_i2s_priv" instead of afe_priv which ha...
CVE-2012-10037
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No...
Security update for python-urllib3
This update for python-urllib3 fixes the following issues: CVE-2025-50181: Pool managers now properly control redirects when `retries` is passed (bsc#1244925). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
CVE-2025-48053 Discourse vulnerable to DoS via large URL payload in PM to a bot
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can reduce the availability of a Discourse instance...
CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
PT-2024-26909 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch; Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches. Description: The issue affects moderators using the review queue, allowing them to see a user's email address...
PT-2024-27341 · Discourse +1 · Discourse +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch; Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches. Description: Discourse is an open-source discussion platform. A malicious actor could get the FastImage libra...
BIT-DISCOURSE-2021-32764 YouTube Onebox susceptible to XSS
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is...
BIT-DISCOURSE-2021-39161 Cross-site scripting via category name in Discourse
Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed...
BIT-DISCOURSE-2022-24850 Category group permissions leaked in Discourse
Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should...
BIT-DISCOURSE-2022-31025 Invite bypasses user approval in Discourse
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the must_approve_users check and invites by staff are always approved automaticall...
BIT-DISCOURSE-2022-31060 Banner topic data is exposed on login-required Discourse sites
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...
BIT-DISCOURSE-2023-23622 Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...