PT-2026-36101

Name of the Vulnerable Software and Affected Versions nanobot affected versions not specified Description An issue exists where including the | character in a sender address allows an attacker to bypass the Channel allowlist. This bypass provides full access to the Agent Loop, exposing all tools,...

CVE-2026-35341

A flaw was found in uutils coreutils mkfifo. This vulnerability allows a local user to inadvertently change the permissions of an existing file when attempting to create a named pipe FIFO at the same location. The mkfifo utility, instead of failing, proceeds to set the existing file's permissions...

CVE-2026-41477

A flaw was found in Deskflow. A local unprivileged user can exploit this by interacting with an Inter-Process Communication IPC named pipe, which the Deskflow daemon exposes with broad access permissions. The daemon, running with SYSTEM privileges, processes commands without authentication,...

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

CVE-2026-41477

Technical details about CVE-2026-41477 are not publicly available in the provided documents; no affected versions, root cause, or remediation details are disclosed here. Monitor for updates.

CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

EUVD-2026-25623

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

...

SUSE CVE-2026-31507

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smcspdpriv when tee duplicates splice pipe buffer smcrxsplice allocates one smcspdpriv per pipebuffer and stores the pointer in pipebuffer.private. The pipebufoperations for these buffers used .get =...

EUVD-2026-24885

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smcspdpriv when tee duplicates splice pipe buffer smcrxsplice allocates one smcspdpriv per pipebuffer and stores the pointer in pipebuffer.private. The pipebufoperations for these buffers used .get =...

CVE-2026-31507

CVE-2026-31507 affects the Linux kernel SMC module (net/smc). The vulnerability is a double-free of the per-buffer state (smc_spd_priv) when tee(2) duplicates a splice pipe buffer, leading to a use-after-free and a kernel NULL pointer dereference, ultimately causing a kernel panic. The root cause...

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smcspdpriv when tee duplicates splice pipe buffer smcrxsplice allocates one smcspdpriv per pipebuffer and stores the pointer in pipebuffer.private. The pipebufoperations for these buffers used .get =...

PT-2026-34412

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc spd priv when tee duplicates splice pipe buffer smc rx splice allocates one smc spd priv per pipe buffer and stores the pointer in pipe buffer.private. The pipe buf operations for these buffers use...

Linux Distros Unpatched Vulnerability : CVE-2026-31507

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/smc: fix double-free of smcspdpriv when tee duplicates splice pipe buffer smcrxsplice allocates one smcspdpriv per pipebuffer and stores the pointer in...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006958)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006958 advisory. In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in traceprintkseq during ftracedump When calling ftracedumpone...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007578)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007578 advisory. In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usbcontrolmsg routines Automatic kernel fuzzing led to a WARN about invali...

Nomios GREENmod 安全漏洞

Nomios GREENmod is an industrial control system developed by the Polish company Nomios, designed for monitoring and managing energy and power infrastructure. Nomios GREENmod has a security vulnerability, which stems from incorrect configuration of the name pipe access control list, potentially...