CVE-2026-43301

CVE-2026-43301 relates to the Linux kernel driver for the wave5 media component. The issue arises when the driver’s remove path unconditionally calls pm_runtime_put_sync(), which can underflow the PM usage count if autosuspend was already activated during probe. This mismatch prevents proper refe...

CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove()

In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdipaneldsiremove In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: if !jdi mipidsidetachdsi; However, when jdi is NULL, the function does not...

CVE-2026-43300

In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdipaneldsiremove In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: if !jdi mipidsidetachdsi; However, when jdi is NULL, the function does not...

CVE-2026-43300

In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdipaneldsiremove In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: if !jdi mipidsidetachdsi; However, when jdi is NULL, the function does not...

PT-2026-38942

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null-pointer dereference can occur in the jdi panel dsi remove function. When the jdi variable is NULL, the function fails to return early and proceeds to call jdi panel disable. Withi...

PT-2026-38943

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A PM runtime usage count underflow exists in the wave5 driver. The driver unconditionally calls the pm runtime put sync function during the remove path, which may conflict with the pm...

Improper Isolation or Compartmentalization

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the NodeVM constructor in lib/nodevm.js. An attacker can run host commands when th...

CVE-2026-41660

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

CVE-2026-41660

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

Summary The FAQ creation and update endpoints in phpMyFAQ apply FILTERSANITIZESPECIALCHARS which HTML-encodes input, then immediately call htmlentitydecode which reverses the encoding, followed by Filter::removeAttributes which only strips HTML attributes — not tags. This allows , , , and tags to...

EUVD-2026-27672

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix double destroyworkqueue on service rescan PCI path While testing corner cases in the driver, a use-after-free crash was found on the service rescan PCI path. When manaservreset calls managdsuspend, managdcleanup...

CVE-2026-43270

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtkmdpremove In mtkmdpprobe, vpugetplatdevice increases the reference count of the returned platform device. Add platformdeviceput to prevent reference leak...

CVE-2026-43259

In the Linux kernel, the following vulnerability has been resolved: phy: fsl-imx8mq-usb: set platform driver data Add missing platformsetdrvdata as the data will be used in remove...

CVE-2026-43252

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating this warning: WARNING: net/mptcp/pmkernel.c:1074 at marksubflowendpavailable net/mptcp/pmkernel.c:10...

CVE-2026-43232

In the Linux kernel, the following vulnerability has been resolved: net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets When the FarSync T-series card is being detached, the fstcardinfo is deallocated in fstremoveone. However, the fsttxtask or fstinttask may still be running ...

CVE-2026-43229 media: chips-media: wave5: Fix device cleanup order to prevent kernel panic

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix device cleanup order to prevent kernel panic Move video device unregistration to the beginning of the remove function to ensure all video operations are stopped before cleaning up the worker thread...

CVE-2026-43153

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfsattrleafhasname The calling convention of xfsattrleafhasname is problematic, because it returns a NULL buffer when xfsattr3leafread fails, a valid buffer when xfsattr3leaflookupint returns -ENOATTR or -EEXIST, and ...

CVE-2026-43147

CVE-2026-43147 concerns a deadlock in the Linux kernel SR-IOV removal path. The issue arises when sriov_del_vfs() is invoked during pci_stop_and_remove_bus_device(), causing a recursive lock acquisition on pci_rescan_remove_lock and leading to system unresponsiveness. The public description confi...

CVE-2026-43147 Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV"

In the Linux kernel, the following vulnerability has been resolved: Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" This reverts commit 05703271c3cd "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV", which causes a deadlock by recursively takin...

BIT-APACHE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...