Lucene search

81980 matches found

CVE
added 2026/04/22 1:54 p.m. | 10 views

CVE-2026-31522

CVE-2026-31522 affects the Linux kernel HID magicmouse driver. The root cause is in magicmouse_report_fixup(), which allocated a new buffer via kmemdup and failed to free it, while the caller does not own the returned pointer. This memory leak can enable local resource exhaustion, with the CVSS i...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00015
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2026/04/22 1:54 p.m. | 29 views

CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory leak in magicmouse_report_fixup() The magicmouse_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returne...

EPSS: 0.00015
Exploits: 0 | References: 7

CVE
added 2026/04/22 1:54 p.m. | 5 views

CVE-2026-31520

The CVE-2026-31520 entry concerns the Linux kernel HID Apple driver. The issue is a memory leak in apple_report_fixup(), where a newly kmemdup()-allocated buffer was returned but not freed by the callee, resulting in unreclaimed memory. The caller does not take ownership of the returned pointer, ...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00015
Exploits: 0 | References: 6 | Affected Software: 1

ATTACKERKB
added 2026/04/22 1:54 p.m. | 2 views

CVE-2026-31520

In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returned pointer, but ...

AI score: 5.6 | EPSS: 0.00015
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2026/04/22 1:54 p.m. | 23 views

CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()

In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returned pointer, but ...

EPSS: 0.00015
Exploits: 0 | References: 6

CVE
added 2026/04/22 1:54 p.m. | 4 views

CVE-2026-31500

The CVE-2026-31500 issue affects the Linux kernel Bluetooth Intel btintel driver. A data race allowed two __hci_cmd_sync() paths (HCI_OP_RESET and Intel-exception-info) to run without hci_req_sync_lock, risking concurrent access to hdev->req_status/req_rsp and a slab-use-after-free in kfree_sk...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00015
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2026/04/22 1:53 p.m. | 24 views

CVE-2026-31434 btrfs: fix leak of kobject name for sub-group space_info

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub_group, kobject_init_and_add() is called for each element via btrfs_sysfs_add_space_info_type(). However, when...

EPSS: 0.00015
Exploits: 0 | References: 6

Circl
added 2026/04/22 12:50 p.m. | 1 views

CVE-2026-34281

creationtimestamp | type | source
---|---|---
2026-04-22 12:50:35+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jx5vxd72b...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00018
Exploits: 0 | References: 1

Circl
added 2026/04/22 12:50 p.m. | 0 views

CVE-2025-9957

creationtimestamp | type | source
---|---|---
2026-04-22 12:50:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jwdl7pl2u
2026-04-24 07:57:51+00:00 | seen | https://ccb.belgium.be/advisories/warning-11-new-vulnerabilities-gitlab-ce-and-ee-editions-patch-immediately...

CVSS: 2.7 | AI score: 4.8 | EPSS: 0.00017
Exploits: 0 | References: 2

EUVD
added 2026/04/22 12:31 a.m. | 3 views

EUVD-2026-24554

A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

CVSS: 9.5 | AI score: 5.8 | EPSS: 0.00079
Exploits: 0 | References: 8

RedHat Linux
added 2026/04/22 12:13 a.m. | 6 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN:...

CVSS: 7.1 | AI score: 5.6 | EPSS: 0.00018
Exploits: 0 | References: 5

OSV
added 2026/04/22 12:7 a.m. | 1 views

OSV-2026-610 Memcpy-param-overlap in htx_replace_blk_value

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504612570
Crash type: Memcpy-param-overlap
Crash state: htx_replace_blk_value http_replace_header_value http_scheme_based_normalize...

AI score: 5.7
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/22 12:0 a.m. | 3 views

PT-2026-34607

Name of the Vulnerable Software and Affected Versions: OpenMcdf (affected versions not specified)
Description: OpenMcdf fails to detect cycles in the directory entry red-black tree of a Compound File Binary (CFB) document. A crafted CFB file containing a cycle in the LeftSiblingID or RightSiblingID cha...

CVSS: 6.2 | AI score: 5.9 | EPSS: 0.00013
Exploits: 1 | References: 13

Positive Technologies
added 2026/04/22 12:0 a.m. | 3 views

PT-2026-34427

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A memory leak exists in the magicmouse report fixup function. The function returns a buffer allocated via kmemdup, but this buffer is never freed. The caller of report fixup does not tak...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00015
Exploits: 0 | References: 19

CNNVD
added 2026/04/22 12:0 a.m. | 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the apple_report_fixup function returning a newly allocated buffer without releasing it, potentiall...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00015
Exploits: 0 | References: 1

CNNVD
added 2026/04/22 12:0 a.m. | 4 views

Frappe cross-site scripting vulnerability

Frappe is a web development framework based on Python and MariaDB, with integrated front-end pages, developed by the Indian company Frappe. Version 16.10.10 of Frappe contains a cross-site scripting vulnerability. This vulnerability stems from special tag values stored in user tags that are not...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00038
Exploits: 1 | References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013646 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a...

AI score: 5.7 | EPSS: 0.00061
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/22 12:0 a.m. | 3 views

PT-2026-34548

Name of the Vulnerable Software and Affected Versions: Frappe version 16.10.10
Description: An authenticated attacker can store a crafted tag value in user tags to trigger JavaScript execution when a victim opens the list or report view where tags are rendered. This occurs because the renderer...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00038
Exploits: 1 | References: 7

Tenable Nessus
added 2026/04/22 12:0 a.m. | 0 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013600 advisory. In the Linux kernel, the following vulnerability has been resolved: configfs: fix possible memory leak in configfs_create_dir() kmemleak reported memory leaks in...

AI score: 5.5 | EPSS: 0.00062
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/22 12:0 a.m. | 1 views

PT-2026-34425

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A memory leak exists in the apple report fixup function. The function returns a buffer allocated via kmemdup, but this buffer is never freed. The caller of report fixup does not take...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00015
Exploits: 0 | References: 18