1068 matches found
EUVD-2026-40984
In the Linux kernel, the following vulnerability has been resolved: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls. In wm_adsp_control_remove, check that the priv pointer is not NULL before attempting to clean up what it points to. When cs_dsp creates a control it calls...
Linux Distros Unpatched Vulnerability : CVE-2026-53152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and...
CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API
OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...
CVE-2026-49355
OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...
EUVD-2026-39653
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...
CVE-2026-57921
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...
CVE-2026-57921
In JetBrains YouTrack prior to version 2026.2.16593, an improper access control flaw in the comment templates endpoint allowed reading users’ private data. Affected component: YouTrack server-side access control for comment templates; root cause is insufficient restrictions on who can retrieve te...
PT-2026-52701
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows the unauthorized reading of private user data through the comment templates endpoint. Recommendations Update to version 2026.2.16593...
CVE-2026-53152
In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...
UBUNTU-CVE-2026-53152
In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...
EUVD-2026-39243
In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...
CVE-2026-53152
The CVE affects the Linux kernel driver for rk-series SD/MMC controllers: mmc: dw_mmc-rockchip. The issue stems from missing private data for very old controllers (rk2928, rk3066, rk3188) that do not support UHS speeds and lacked a parse_dt callback and driver private data. The init path now assu...
CVE-2026-52795
Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...
CVE-2026-50184
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...
CVE-2026-50184
Summary (CVE-2026-50184): The vulnerability affects the Angular ecosystem, specifically the @angular/service-worker package. When the service worker reconstructs outbound requests, an internal helper strips client-specified safety parameters (credentials: omit and cache: no-store), reverting the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: removed the unused check_buddy_priv function. The commit 2461c7d60f9f “rtlwifi: Update header file” introduced a global list of private data structures. Later, the commit 26634c4b1868 “rtlwifi: Modify existing bits t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver-private data. The fix addresses the driver not allocating memory for the struct btintel_data structure, which is used to store internal data...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: fddi: fixed a use-after-free (UAF) issue in fza_probe. The fp field is private data of netdev, and it cannot be used after the free_netdev call. Using fp after free_netdev can cause a UAF bug. This issue was fixed by moving the...