CVE-2026-23471

In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drmdevunplug When trying to do a rather aggressive test of igt's "xemoduleload --r reload" with a full desktop environment and game running I noticed a few...

CVE-2026-23430

A flaw was found in the Linux kernel, specifically within the drm/vmwgfx component. This vulnerability occurs when the kernel incorrectly overwrites the Kernel Mode Setting KMS surface dirty tracker. This error leads to a memory leak, which can degrade system performance and potentially cause...

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

CVE-2026-23468

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bonumber field. Although the previous multiplication overflow check prevents out-of-bounds...

CVE-2026-31390

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xevmmadviseioctl When checkboargsaresane validation fails, jump to the new freevmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. cherry picked...

CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability 1: Stored DOM XSS via Profile Name Update Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized User Name in Profile Management Description The application fails to properly sanitize user-controlled input when users update their profile name e.g., full...

Use After Free

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the offscreen rendering process when a parent WebContents is destroyed while a child window remains open...

GHSA-532V-XPQ5-8H95 Electron: Use-after-free in offscreen child window paint callback

Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...

Use After Free

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the offscreen rendering process when a parent WebContents is destroyed while a child wind...

Electron: Use-after-free in offscreen child window paint callback

Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...

PT-2026-30004

Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...

PT-2026-30283

Impact Links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. Patches Patched in v0.159.2 Workarounds Create custom render hooks for links and images in...

Budibase 跨站脚本漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.32.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use o...

PT-2026-30012

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The application does not properly sanitize user-controlled input when updating profile names, allowing an attacker to inject a malicious JavaScript payload. Thi...

PT-2026-30277

Name of the Vulnerable Software and Affected Versions Electron versions 33.0.0-alpha.1 through 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5 Description Electron applications utilizing offscreen rendering with GPU shared textures may experience a use-after-free condition. Specifically, the release...

Arbitrary Code Injection

Overview dbgate-web is a This package is used internally by DbGate Affected versions of this package are vulnerable to Arbitrary Code Injection through the FontIcon rendering path in packages/web/src/icons/FontIcon.svelte. An attacker can execute arbitrary JavaScript in a victim’s browser, or...

CVE-2026-34726

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example "alert1"@evil.com. PHP's FILTERVALIDATEEMAIL accepts this...

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

Exploit for CVE-2026-5760

SGLang SSTI to RCE PoC — Unsandboxed Jinja2 Chat Template Rend...