CVE-2026-32050

OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling that allows unauthorized senders to enqueue status events before authorization checks are applied. Attackers can exploit the reaction-only event path in event-handler.ts to queue...

CVE-2026-27740

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

CVE-2026-4617

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...

CVE-2026-23350

A flaw was found in the Linux kernel. When an execution queue fails to initialize in the drm/xe/queue component, the system does not properly finalize it, leaving a damaged entry in a critical lookup list. This can lead to an invalid memory reference, potentially causing system instability or a...

IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()

...

CVE-2026-4652

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine...

EVerest 竞争条件问题漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contained a race condition vulnerability, which was caused by data competition and could lead to mapping or queue corruption...

PT-2026-28351

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race condition that can lead to potential corruption of std::queue and std::deque. The issue is triggered by a...

PT-2026-28352

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack susceptible to a data race that could lead to corruption of std::map. The issue is triggered by a CSMS GetLog/UpdateFirmware request network coinciding wi...

EVerest 安全漏洞

EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions prior to EVerest 2026.02.0 contain security vulnerabilities; these vulnerabilities stem from data competition and could lead to queue or double-ended queue corruption...

CVE-2026-33217

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

CVE-2026-23294

A flaw was found in the Linux kernel. A race condition in the devmap component, specifically within the xdpdevbulkqueue bq on PREEMPTRT kernels, allows multiple preemptible tasks on the same CPU to concurrently access the bq. This can lead to a use-after-free vulnerability, potentially resulting ...

CVE-2026-23340

A flaw was found in the Linux kernel. A race condition exists in the network queue management qdisc component when the number of transmit queues is dynamically reduced while network traffic is active. This can lead to a Use-After-Free UAF vulnerability, where memory is prematurely freed while sti...

SUSE CVE-2026-23294

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in devmap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpdevbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and devflush run atomically...

SUSE CVE-2026-23299

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and will stay there until consumed. If userspace never gets to read the timestamps, or i...

SUSE CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

SUSE CVE-2026-23342

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPTRT On PREEMPTRT kernels, the per-CPU xdpbulkqueue bq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes bqenqueue and cpumapflush run atomically...

SUSE CVE-2026-23350

In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list which is part of gucid allocation. A damaged...