CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVE-2026-31674

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6trt: reject oversized addrnr in rtmt6check Reject rt match rules whose addrnr exceeds IP6TRTHOPS. rtmt6 expects addrnr to stay within the bounds of rtinfo-addrs. Validate addrnr during rule installation so malformed...

CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

EUVD-2026-25648

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVE-2026-31681

CVE-2026-31681 affects the Linux kernel netfilter xt_multiport component. The issue is in ports_match_v1() where a non-zero pflags entry is treated as a range start, causing the end of the range to be consumed incorrectly and potentially reading past the last ports[] element when a malformed rule...

CVE-2026-31674

The CVE-2026-31674 issue affects the Linux kernel netfilter ip6t_rt module, where processing IPv6 routing header (RT) match rules can overflow addrnr if it exceeds IP6T_RT_HOPS. The root cause is rt_mt6() using addrnr outside rtinfo->addrs[] bounds. A patch added validation of addrnr during ru...

[SECURITY] Fedora 44 Update: sudo-1.9.17-8.p2.fc44

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

SUSE CVE-2026-31657

In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...

PT-2026-37187

Name of the Vulnerable Software and Affected Versions Heimdall versions prior to 0.17.14 Description Heimdall performs host matching in a case-sensitive manner, which conflicts with the case-insensitive nature of HTTP hostnames. This discrepancy allows a request host that differs only in letter...

PT-2026-35141

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter xt multiport component where the checkentry path fails to validate range encoding. The ports match v1 function treats any non-zero pflags entry as the...

Linux Distros Unpatched Vulnerability : CVE-2026-31681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally...

CVE-2026-31657 batman-adv: hold claim backbone gateways by reference

In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadvblaaddclaim can replace claim-backbonegw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the PageRules::create process in the page rules component. An attacker can publish a page without the required status-change permission by creating it as a non-draft. This lets a user who is allowed to create...

BIT-OAUTH2-PROXY-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...

hospital-waf-mcp

Hospital WAF Management System Release: v1.0.0 Languag...

LLM-and-MCP

Detection and Exploitation of Vulnerabilities in Android Appli...

Access Control Bypass

Overview org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to Access Control Bypass in the XML authorization rules processing when the servlet-path attribute is used. An attacker can gain...

CVE-2026-22754 ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from...

CVE-2026-40575

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied X-Forwarded-Uri header when --reverse-proxy is enabled and --skip-auth-regex or --skip-auth-route is configured. An attacker can spoof this header so OAut...