16712 matches found

Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-39016

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A power management (PM) runtime leak exists in the bh1780 light sensor driver. The issue occurs because the pm_runtime_put_autosuspend function is not called on the error path following a ...

CVSS 5.5, AI score 5.4, EPSS 0.00013
Exploits 0, References 19

Positive Technologies
added 2026/05/08 12:0 a.m., 7 views

PT-2026-39018

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: In the mpu3050-core gyro component, the driver fails to check the return value of the pm_runtime_get_sync function. This allows the driver to attempt hardware access even if the device...

CVSS 5.5, AI score 5.5, EPSS 0.00013
Exploits 0, References 21

Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-38924

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the spi: cadence-quadspi driver where a runtime PM (Power Management) disable operation in the probe function error paths can trigger duplicate clock disables. This occu...

CVSS 5.5, AI score 5.4, EPSS 0.00013
Exploits 0, References 13

Positive Technologies
added 2026/05/08 12:0 a.m., 7 views

PT-2026-39042

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the nouveau/dpcd component where the system may crash in the GSP code when userspace attempts to use '/dev/drm dp ' while the device is in a runtime suspended state. T...

CVSS 5.5, AI score 5.5, EPSS 0.00017
Exploits 0, References 55

Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-38986

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes. The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

AI score 5.8, EPSS 0.00014
Exploits 0, References 3

Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-39098

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free issue exists in the ALSA pcm component within the snd_pcm_drain function. In the drain loop, the runtime variable is reassigned to a linked stream's runtime. After the...

CVSS 7.8, AI score 5.8, EPSS 0.00013
Exploits 0, References 20

CNNVD
added 2026/05/08 12:0 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from manually defining optee nodes in zynqmp.dtsi, thereby disrupting the logic of OP-TEE’s automatic...

CVSS 5.5, AI score 5.8, EPSS 0.00013
Exploits 0, References 2

Tenable Nessus
added 2026/05/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-43437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain. In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime...

CVSS 7.8, AI score 5.9, EPSS 0.00013
Exploits 0, References 3

Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-38943

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A PM runtime usage count underflow exists in the wave5 driver. The driver unconditionally calls the pm_runtime_put_sync function during the remove path, which may conflict with the pm...

AI score 5.8, EPSS 0.00013
Exploits 0, References 6

RedhatCVE
added 2026/05/07 8:21 p.m., 6 views

CVE-2026-44114

OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...

CVSS 8.5, AI score 5.8, EPSS 0.00024
Exploits 0, References 1

IBM Security Bulletins
added 2026/05/07 7:57 p.m., 3 views

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect Rational Business Developer.

Summary: There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - July 2022. Vulnerability Details: CVEID: CVE-2022-21541...

CVSS 5.9, AI score 6.4, EPSS 0.00438
Exploits 0, Affected Software 1

Github Security Blog
added 2026/05/07 4:48 p.m., 15 views

Compromised tag of intercom-php published via GitHub

Impact: On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

AI score 5.8
Exploits 0, References 4, Affected Software 1

OSV
added 2026/05/07 4:48 p.m., 0 views

GHSA-GR3R-CRP5-QRRM Compromised tag of intercom-php published via GitHub

Impact: On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service account github-management-service. This occurred as part of the same supply chain attack that affected intercom-client on npm. The malicious...

CVSS 9.3, AI score 5.8
Exploits 0, References 4

Microsoft CVE
added 2026/05/07 2:0 p.m., 9 views

Chromium: CVE-2026-7927 Type Confusion in Runtime

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 5.8, EPSS 0.00089
Exploits 0

ATTACKERKB
added 2026/05/07 11:53 a.m., 3 views

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a "runtime error: index out of range" panic. This occurs during th...

CVSS 7.5, AI score 5.8, EPSS 0.00051
Exploits 0, References 3, Affected Software 1

OSSF Malicious Packages
added 2026/05/07 10:46 a.m., 6 views

Malicious code in runtime-vitals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5e056ef78ad47697156c0dce0819370ffc74bb450e226bfb2bf934651b5836b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 5.9
Exploits 0, References 1

Github Security Blog
added 2026/05/07 3:36 a.m., 7 views

Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame

Summary: When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate (compress: true), an unauthenticated client can OOM the BEAM with a single 6 MiB WebSocket frame. Bandit's inflate step has no output-size cap, so a small high-ratio compressed frame e.g. zeros, 1024:1 ratio...

CVSS 8.2, AI score 5.9, EPSS 0.00057
Exploits 0, References 6, Affected Software 1

SUSE CVE
added 2026/05/07 2:21 a.m., 7 views

SUSE CVE-2026-31741

In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times,...

CVSS 5.5, AI score 5.7, EPSS 0.00015
Exploits 0, References 3

SUSE CVE
added 2026/05/07 2:17 a.m., 4 views

SUSE CVE-2026-43177

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths. Several error paths in ipu6_pci_probe were jumping directly to out_ipu6_bus_del_devices without releasing the runtime PM reference. Add pm_runtime_put_sync before cleaning up other...

AI score 5.7, EPSS 0.00015
Exploits 0, References 3

SUSE CVE
added 2026/05/07 2:16 a.m., 5 views

SUSE CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero. Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM...

AI score 5.7, EPSS 0.00014
Exploits 0, References 3