PT-2026-41834

Name of the Vulnerable Software and Affected Versions Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description A release of invalid pointer or reference issue in Samsung Open Source Escargot allows for buffer manipulation. Buffer manipulation occurs when a program modifies a memory...

NanoMQ 代码问题漏洞

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.10 contained code vulnerabilities. These vulnerabilities stemmed from a flaw during the client’s MQTT session recovery when cleanstart=0: the ppeer callback function in the...

Important: krb5 security update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

PT-2026-41826

Name of the Vulnerable Software and Affected Versions Samsung Open Source Walrus version f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9 Description A NULL pointer dereference allows pointer manipulation. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that...

PT-2026-41829

Name of the Vulnerable Software and Affected Versions Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description A use after free flaw in Samsung Open Source Escargot enables pointer manipulation. Use after free is a memory corruption issue that occurs when an application continues to...

ALSA-2026:18587 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bonding: check xdp prog when set bond mode CVE-2025-22105 kernel: block: fix resource leak in blkregisterqueue error path CVE-2025-37980 kernel: dmaengine: idxd: fix memory leak in error...

Escargot 资源管理错误漏洞

Escargot is a lightweight JavaScript engine developed by Samsung as open source, suitable for resource-constrained embedded devices. Escargot has a resource management vulnerability that stems from the reuse of freed resources, potentially leading to pointer manipulation issues...

SAMSUNG Walrus 代码问题漏洞

SAMSUNG Walrus is a WebAssembly runtime engine developed by South Korean company Samsung. There is a code vulnerability in SAMSUNG Walrus, which stems from null pointer dereferencing. This vulnerability could allow attackers to exploit it by using specially crafted WebAssembly modules that contai...

RHEL 9 : firefox (RHSA-2026:19201)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19201 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

ALSA-2026:18134 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tcpbpf: Fix the skmemuncharge logic in tcpbpfsendmsg CVE-2024-56633 kernel: KVM: x86: Load DR6 with guest value only before entering .vcpurun loop CVE-2025-21839 kernel: block: fix resour...

ALSA-2026:18683 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekeyfromfile CVE-2025-4878 libssh: Write...

CVE-2026-32849

The CVE-2026-32849 entry concerns NetBSD prior to commit ec8451e, where a signed integer overflow in cryptodev_op() (sys/opencrypto/cryptodev.c) occurs because iov_len is signed but assigned from cop->dst_len (unsigned). When dst_len > INT_MAX, undefined behavior can occur, enabling a local...

EUVD-2026-30789

NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodevop function in sys/opencrypto/cryptodev.c where the local variable iovlen is declared as a signed int but assigned from an unsigned cop-dstlen value, causing undefined behavior when cop-dstlen exceeds...

CVE-2026-32849 NetBSD Signed Integer Overflow in cryptodev_op via cryptodev.c

NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodevop function in sys/opencrypto/cryptodev.c where the local variable iovlen is declared as a signed int but assigned from an unsigned cop-dstlen value, causing undefined behavior when cop-dstlen exceeds...

CLSA-2026-1779125894 php: Fix of 7 CVEs

CVE-2026-7258: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7259: fix null pointer dereference in phpmbcheckencoding via mberegsearchinit GHSA-wm6j-2649-pv75 -...

CLSA-2026-1779125079 php: Fix of 6 CVEs

CVE-2026-7258: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7262: fix broken Apache map value NULL check in soap encoder GHSA-hmxp-6pc4-f3vv - CVE-2026-7568:...

JLSEC-2026-501

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::SelectorList::populateextends in SharedPtr.hpp used by ast.cpp and astselectors.cpp may cause a Denial of Service application crash via a crafted sass input file...

JLSEC-2026-503

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operatorSass::SupportsOperator in eval.cpp may cause a Denial of Service application crash via a crafted sass input file...

JLSEC-2026-507

LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parserselectors.cpp...

CLSA-2026-1779094874 Fix CVE(s): CVE-2026-28388, CVE-2026-28389

SECURITY UPDATE: NULL pointer dereference in checkdeltabase when a delta CRL is processed without the required CRL Number extension and X509VFLAGUSEDELTAS is enabled, leading to a denial of service. - debian/patches/CVE-2026-28388.patch: add NULL check for delta-crlnumber before ASN1INTEGERcmp in...