CVE-2026-42212

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, Opening a .gpp file in the SolidCAM Postprocessor IDE extension causes the language server to parse a companion .vmid file from the same directory...

UBUNTU-CVE-2026-43424

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...

CVE-2026-43326

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

Advisory ROSA-SA-2026-3263

Software: kernel-ml 5.15.180 OS: rosa-server79 unaffected versions = kernel-ml-5.15.180-1.0.1.res7 affected versions kernel-ml-5.15.180-1.0.1.res7 CVE-ID: CVE-2026-31431 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vulnerability in the Linux kernel crypto subsystem crypto: algifaead. Attempts to perfor...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the decryption process when chunking is performed at certain boundaries. An attacker can cause decryption failures and trigger exceptions by manipulating the way encrypted data is chunked and processed. Note: This ...

BIT-JRE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against...

BIT-JRE-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

BIT-JRE-2022-21299

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

BIT-JRE-2020-14621

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

SUSE CVE-2026-6210

A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker without verifying the node type. A non-marker element such as a...

SUSE CVE-2026-7955

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

PT-2026-38886

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

PT-2026-38761

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from excessive buffer sizes allocated for multiple inbound deserialization paths, which could allow attackers t...

PraisonAI 命令注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 had a command injection vulnerability. This vulnerability stemmed from the lack of a command whitelist or parameter validation in the MCP command processing mechanism,...

PT-2026-39200

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Loadpath without XmlReaderSettings, which in .NET...

PT-2026-38752

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

PraisonAI 输入验证错误漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.34 contained a vulnerability related to input validation errors. This vulnerability stemmed from the file processing tool in the MCP server failing to perform containment...