CVE-2026-49299

OpenStack Neutron prior to 28.0.1 is affected: the tagging controller enforces plural policy action names on single-tag write operations while policy rules use singular names, causing the mismatch to evaluate as allowed under the default policy. This permits a project reader to create and update ...

CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

RLSA-2026:19610 Important: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer overflow in imareaderinit CVE-2026-37555 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

SUSE CVE-2026-46022

In the Linux kernel, the following vulnerability has been resolved: misc: ibmasm: fix OOB MMIO read in ibmasmhandlemouseinterrupt ibmasmhandlemouseinterrupt performs an out-of-bounds MMIO read when the queue reader or writer index from hardware exceeds REMOTEQUEUESIZE 60. A compromised service...

[SECURITY] Fedora 44 Update: rust-astral_async_zip-0.0.18~rc4-2.fc44

An asynchronous ZIP archive reading/writing crate...

[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.2-1.fc44

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

[SECURITY] Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43

A library for streaming reading of files over HTTP using range requests...

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.2-1.fc43

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

PT-2026-44555

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

CVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readers

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

CVE-2026-46022

The CVE-2026-46022 entry documents a Linux kernel vulnerability in misc: ibmasm, where ibmasm_handle_mouse_interrupt() performs an out-of-bounds MMIO read when hardware queue indices exceed REMOTE_QUEUE_SIZE (60). The root cause is that get_queue_reader()/get_queue_writer() return raw readl() val...

CVE-2025-71309

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now nireadfoliocmpr. This is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenario: 1. Task A enters...

SUSE CVE-2026-9500

A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read2004compressedsection of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The explo...

PT-2026-43486

IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19 against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration...

CVE-2026-44775 Kavita: No authentication at /api/Reader/image

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...

CVE-2026-44775 Kavita: No authentication at /api/Reader/image

Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderController.GetImage endpoint is decorated with AllowAnonymous, allowing completely unauthenticated access to page images from any chapter in any library. While the endpoint accepts an apiKey parameter, it is never validated. Sin...

kavita 访问控制错误漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

May "In the Trend of VM" (#27): high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader

May "In the Trend of VM" 27: high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. While the previous April edition featured only one vulnerability, this one...

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

EUVD-2026-31501

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...