SUSE CVE-2026-46072

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

SUSE CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

EUVD-2026-32705

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the actiongeteventdata due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2026-9228

The Timetable and Event Schedule by MotoPress plugin for WordPress (MP Timetable) is affected by an Insecure Direct Object Reference vulnerability (CVE-2026-9228) in all versions up to 2.4.16. The root cause is missing validation on a user-controlled key in the action_get_event_data endpoint, ena...

kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq

A flaw was found in the Linux kernel's Wacom Human Interface Device HID driver. This vulnerability allows a remote attacker to trigger an out-of-bounds read by sending a specially crafted, short Bluetooth HID report. This can lead to the disclosure of sensitive information from the system's memor...

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et.al Check pde-procops-proclseek directly may cause UAF in rmmod scenario. It's a gap in procregopen after commit 654b33ada4ab"proc: fix UAF in...

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

kernel: net: sched: act_csum: validate nested VLAN headers

A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

CVE-2026-45914

A flaw was found in the Linux kernel's hwmon: ibmpex driver. A race condition exists where a userspace process reading a sensor file can attempt to access freed memory if it races with a device deletion operation. This use-after-free vulnerability could allow a local attacker to cause a system...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect use of RCU in the mlx4srqevent function within RDMA mlx4. This vulnerability may le...

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities existed in versions of Portainer from 2.33.0 to 2.33.8, as well as in version 2.39.1, due to an issue with authorization verification in custom...

PT-2026-44564

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description An uninitialized use in the GPU allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update...

Linux Distros Unpatched Vulnerability : CVE-2026-24196

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead t...

PT-2026-44525

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

PT-2026-44540

Name of the Vulnerable Software and Affected Versions ai-goofish-monitor affected versions not specified Description An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...

PT-2026-44263

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth btmtk component where the btmtk usb hci wmt sync function casts WMT event response SKB data to struct btmtk hci wmt evt 7 bytes and struct btmtk hci wmt...

RockyLinux 9 : jq (RLSA-2026:19365)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19365 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON obje...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds read in the symlinkdata function within smb/client. This vulnerability arises because...