[SECURITY] Fedora 44 Update: rust-cargo-c-0.10.19-2.fc44

Helper program to build and install c-like libraries...

CVE-2021-27722

An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering...

800,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Smart Slider 3 WordPress Plugin

On February 23, 2026, we received a submission for an Arbitrary File Read vulnerability in Smart Slider 3, a WordPress plugin with an estimated more than 800,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level permissions or higher, ...

CVE-2026-32010

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

CVE-2026-4734

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules. This vulnerability is associated with program files imap.C‎. This issue affects modizer: before v4.3...

CVE-2026-22169

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...

net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()

...

GNU BinUtils Buffer Overflow Vulnerability (CNVD-2026-16063)

GNU BinUtils is a collection of programming tools for working with binaries from the American GNU community. A buffer overflow vulnerability exists in GNU BinUtils, which arises from processing specially crafted XCOFF object files without properly validating the relocation type value, and can be...

CVE-2026-23310

A flaw was found in the Linux kernel's bonding module. A local user could exploit this by changing the transmit hash policy xmithashpolicy to vlan+srcmac on a bonded network interface while an eXpress Data Path XDP program is active. This incompatible configuration change can lead to a kernel...

CVE-2026-22494

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through = 1.3.13...

SUSE CVE-2026-23284

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...

SUSE CVE-2026-23294

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and devflush run atomically...

CVE-2026-23383

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter JIT Just-In-Time compiler on arm64 architectures. The BPF JIT allocator incorrectly requests a 4-byte alignment for its buffer, while a critical target field within the bpfplt structure requires 8-byte alignment. This misalignment...

SUSE CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...

CVE-2026-23310

In the Linux kernel, the following vulnerability has been resolved: bpf/bonding: reject vlan+srcmac xmithashpolicy change when XDP is loaded bondoptionmodeset already rejects mode changes that would make a loaded XDP program incompatible via bondxdpcheck. However, bondoptionxmithashpolicyset has ...

CVE-2026-23284

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...

UBUNTU-CVE-2026-23310

In the Linux kernel, the following vulnerability has been resolved: bpf/bonding: reject vlan+srcmac xmithashpolicy change when XDP is loaded bondoptionmodeset already rejects mode changes that would make a loaded XDP program incompatible via bondxdpcheck. However, bondoptionxmithashpolicyset has ...

CVE-2026-23284

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...

UBUNTU-CVE-2026-23284

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...