Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from theutex lockpi retry path not clearing expired exiting pointers, potentially leading to reuse aft...

SUSE CVE-2026-31511

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmtaddadvpatternsmonitorcomplete This fixes the condition checking so mgmtpendingvalid is executed whenever status != -ECANCELED otherwise calling mgmtpendingfreecmd would kfreecmd withou...

Linux Distros Unpatched Vulnerability : CVE-2026-31504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a NETDEVUP condition that allows for the reuse of freed fanout resources after release. This can...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper conditional checks in the mgmtaddadvpatternsmonitorcomplete function. This leads to the...

Linux Distros Unpatched Vulnerability : CVE-2026-31511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: Fix dangling pointer on mgmtaddadvpatternsmonitorcomplete This fixes the condition checking so mgmtpendingvalid is executed whenever status !=...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011106)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011106 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology request...

Mozilla多款产品 安全漏洞

Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

JLSEC-2026-149

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

CVE-2025-69627

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc. During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper...

Adobe Framemaker 缓冲区错误漏洞

Adobe Framemaker is a page layout software developed by Adobe Inc. in the United States, used for writing and editing large or complex documents, including structured documents. Versions of Adobe Framemaker prior to 2022.8 contained a buffer error vulnerability. This vulnerability stemmed from...

JLSEC-2026-89

Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a std::vector, which...

EUVD-2026-20990

Wasmtime: Panic when transcoding misaligned utf-16 strings...

CVE-2026-34942

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

CVE-2026-34942

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL: when restoring sessions from the cache, pointers in serialized session data are not...

osslsigncode 缓冲区错误漏洞

Osslsigncode is a small tool developed by Michał Trojnara as an individual developer. It implements some functions of the Microsoft tool signtool.exe. Versions of Osslsigncode prior to 2.13 contained a buffer error vulnerability. This vulnerability stemmed from the PE page hash calculation code; ...

EUVD-2026-19348

OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write...

EUVD-2026-20006

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime...