Oracle Linux 8 : glibc (ELSA-2026-20587)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-20587 advisory. - Add tests for CVE-2026-4437 and CVE-2026-4438 RHEL-173358 - CVE-2026-4046: Fix assertion failure in IBM1390 and IBM1399 iconv modules RHEL-162891 -...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a type error in the parameters of the bpfxdpstorebytes function. This error allows the verifier to...

PT-2026-43692

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni read folio cmpr Syzbot reported a task hung in ni readpage cmpr now ni read folio cmpr. This is caused by a lock inversion deadlock involving the inode mutex ni lock and page locks. Scenario: 1. Task ...

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

Jenkins Email Extension Plugin 安全漏洞

The Jenkins Email Extension Plugin is an open-source extension for Jenkins that handles email notifications and build messages. The Jenkins Email Extension Plugin versions 1933.v45cec755423f and earlier contain security vulnerabilities. These vulnerabilities stem from allowing base64-encoded imag...

PT-2026-44014

Name of the Vulnerable Software and Affected Versions Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0 Description The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline jo...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

PT-2026-43972

Name of the Vulnerable Software and Affected Versions libusb versions prior to 1.0.30 Description A one-byte out-of-bounds read exists in the parse iad array function within descriptor.c. This occurs when a malformed USB descriptor is supplied where the bLength equals the size minus one, causing...

Samba 访问控制错误漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a control access vulnerability that stems from the lack of SMB-layer access checks when handling NTFS-style symbolic links. This vulnerability allows authenticated users to create or...

PT-2026-43588

A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...

Synology Active Backup for Business SQL注入漏洞

Synology Active Backup for Business is an enterprise data backup and recovery management platform provided by the Chinese company Synology. Synology Active Backup for Business has a SQL injection vulnerability, which allows unauthorized remote attackers to read arbitrary files...

PT-2026-43828

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Memory leaks occur in the gfs2 fill super error handling path when transitioning a filesystem to read-write mode fails. The first leak involves kthread objects, such as thread struct and...

PT-2026-43753

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the prototype for the bpf xdp store bytes function is incorrect. The verifier incorrectly expects the third argument to be of type ARG PTR TO...

PT-2026-44616

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read in Dawn allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when a program reads data past the...

PT-2026-44159

Summary CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint. - The listing flow filters reports based on report-sharing rules - The detail flow only checks generic reports or reports config permissions As a result, a low-privileged...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the pt5161lreadblockdata function in pt5161l, including buffer overflows and improper...

CVE-2026-46078

erofs: fix the out-of-bounds nameoff handling for trailing dirents...

Linux Distros Unpatched Vulnerability : CVE-2026-46096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page...

PT-2026-43824

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue in the Linux kernel can lead to a deadloop within the rcu read unlock function due to softirq. This occurs because recursion-protection code was removed from the rcu read unlock...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of READONCE to read the struct ublskrvctrlcmd, potentially leading to race conditions...