21545 matches found
CVE-2026-43270
A flaw was found in the Linux kernel's media: mtk-mdp module. A reference leak occurs because the vpu_get_plat_device function increases a reference count that is not properly decreased by platform_device_put in mtk_mdp_remove. This issue could potentially lead to resource exhaustion over time, which ma...
Linux Distros Unpatched Vulnerability : CVE-2026-43106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull. The patch mentioned below change...
Linux Distros Unpatched Vulnerability : CVE-2026-43177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: ipu6: Fix RPM reference leak in probe error paths. Several error paths in ipu6_pci_probe were jumping directly to out_ipu6_bus_del_devices without releasing the...
MiracleLinux 8 : java-17-openjdk-17.0.19.0.10-1.el8 (AXSA:2026-552:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-552:05 advisory. JDK: Enhance crypto algorithm support (CVE-2026-22007); JDK: Improve Kerberos credentialing (CVE-2026-22013); JDK: Enhance Path Factories Redux...
Linux Distros Unpatched Vulnerability : CVE-2026-43154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits in volume label handling. Crafted EROFS images containing...
PT-2026-38615
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...
RHEL 9 : freeipmi (RHSA-2026:14819)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:14819 advisory. The freeipmi packages contain an Intelligent Platform Management Interface (IPMI) remote console and system management software based on the IPMI...
PT-2026-38414
Name of the Vulnerable Software and Affected Versions: gittuf versions prior to 0.14.0. Description: An attacker with push access to the Reference State Log (RSL) can roll back the current policy to any previous policy trusted by the current set of root keys. This occurs because gittuf determines the...
GitPython Path Traversal Vulnerability
GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.48 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of reference paths during reference creation,...
PT-2026-38581
Name of the Vulnerable Software and Affected Versions: Microsoft Partner Center (affected versions not specified). Description: An externally controlled reference to a resource in another sphere allows an unauthorized attacker to perform spoofing over a network. Recommendations: At the moment, there is...
CGA-RX9X-25F6-MVC3
Bulletin has no description...
GHSA-9W9C-9W8M-W89Q ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data
Summary: `GET /api/sessions/:uid` returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps) belonging to any other namespace...
CVE-2026-43582
creation_timestamp | type | source
---|---|---
2026-05-06 21:36:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml7ntpxucl2e...
CVE-2026-43193
A flaw was found in the Linux kernel's Network File System Daemon (nfsd). A reference count leak in the nfsd_get_dir_deleg function can lead to resource exhaustion. This vulnerability, if repeatedly triggered, may allow an attacker to cause a Denial of Service (DoS) by consuming available system resourc...
CVE-2026-43179
A flaw was found in the Linux kernel's EROFS filesystem. An attacker could provide a specially crafted EROFS image with metadata compression enabled. This could trigger incorrect early returns within the kernel, leading to folio reference leaks. While this issue does not cause system crashes or...
CVE-2026-33441
This CVE is a duplicate of another CVE: CVE-2026-33079...
CVE-2026-43177
A flaw was found in the Linux kernel's ipu6 driver. This issue occurs due to a runtime Power Management (PM) reference leak in the driver's probe error paths. When errors occur during device initialization, PM references are not properly released, which can lead to resource exhaustion and potential...
CVE-2026-43167
A flaw was found in the Linux kernel's xfrm subsystem, which handles IPsec (Internet Protocol Security) transformations. This vulnerability is caused by a reference count leak in xfrm_state objects when a network device is unregistered. An attacker with local access and privileges to configure netwo...
CVE-2026-43165
A flaw was found in the Linux kernel's hwmon subsystem, specifically in the nct7363 driver. This resource leak occurs in the nct7363_present_pwm_fanin function because a device node reference is not properly released after being acquired. An attacker with local access could potentially exploit this ...