PT-2026-44288

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A self-deadlock occurs in the openvswitch vport during the release of tunnel ports. Vports are protected by RCU Read-Copy-Update, a synchronization mechanism that allows multiple readers...

PT-2026-44732

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.4 Description An authenticated user can perform an arbitrary read of any file accessible by the Arcane backend process. This occurs because the ProjectService.CreateProject function writes attacker-supplied compos...

PT-2026-44173

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer, open source, for managing Docker environments and Docker hosts. There is a security vulnerability in Portainer. This vulnerability stems from insecure default settings that grant regular users access to the host’s file...

CVE-2026-47332

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

ai-goofish-monitor 安全漏洞

ai-goofish-monitor is an AI-based multi-task real-time monitoring and web management tool developed by Usagi-org. There is a security vulnerability in ai-goofish-monitor. This vulnerability stems from the GET /api/prompts/filename endpoint in Windows deployments, which contains an unvalidated...

PT-2026-44304

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A misuse of Read-Copy Update RCU, a synchronization mechanism that allows multiple readers to access data while a writer modifies it, occurs in the mlx4 srq event function. The mlx4 srq...

DeepCode 路径遍历漏洞

DeepCode is a multi-agent code generation tool open-source by Data Intelligence Lab@HKU. Previous versions of DeepCode c991dc2 contained a path traversal vulnerability. This vulnerability originated from the SPA catch-all route in newui/backend/main.py, which had a path traversal vulnerability...

PT-2026-44541

Name of the Vulnerable Software and Affected Versions Lakeside SysTrack Agent versions prior to 11.2.1.28 Lakeside SysTrack Agent versions prior to 11.3.0.38 Lakeside SysTrack Agent versions prior to 11.4.0.24 Lakeside SysTrack Agent versions prior to 11.5.0.15 Description An out-of-bounds read...

Apache Ignite 安全漏洞

Apache Ignite is a high-performance, integrated, and distributed memory computing and transaction management platform for large-scale data sets, developed by the Apache Foundation. Security vulnerabilities exist in the Apache Ignite REST API versions 2.0.0 to 2.17.0. These vulnerabilities stem fr...

PT-2026-44407

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

PT-2026-44308

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the symlink data function. This occurs because smb2 check message returns success without validating the length for the symlink error response...

PT-2026-44244

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A use-after-free issue exists in the DAMON sysfs interface. Direct reads and writes of the memcg path and path files can race, as the write operation deallocates the buffer pointed to by...

PT-2026-44321

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the batadv iv ogm send to if function within the batman-adv module. The issue occurs because the size check in batadv iv ogm aggr packet uses the int type,...

PT-2026-44278

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the smb2 compound op function. This occurs when a server sends a truncated response with a large OutputBufferLength and terminates the EA list early. In...

PT-2026-44313

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds read exists in the spi nor params show function within the spi-nor debugfs component. The issue occurs...

PT-2026-44315

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An issue exists in the microchip-core-qspi component of the SPI subsystem. The driver incorrectly attempts to transmit garba...

Linux Distros Unpatched Vulnerability : CVE-2026-45975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds read in the smb2compoundop function within the smb client. This vulnerability ma...

PT-2026-44376

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfs server, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate path function in src/sshfs mount/sftp server.cpp. The...