SUSE-SU-2026:0411-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc125559...

PolarLearn 访问控制错误漏洞

PolarLearn is an online learning platform developed by PolarNL. Versions of PolarLearn prior to 0-PRERELEASE-16 contain access control vulnerability issues. This vulnerability stems from the use of WebSocket in group chats without the need for login, which may allow unverified clients to subscrib...

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

A flaw was found in the Linux kernel’s TCP implementation in the function tcpaddbacklog. When calculating the maximum acceptable backlog for TCP sockets, the sum of the receive buffer skrcvbuf, the send buffer sksndbuf, and a fixed constant may exceed the maximum value of a signed integer due to...

kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

A flaw was found in the Linux kernel’s TCP implementation in the function tcpaddbacklog. When calculating the maximum acceptable backlog for TCP sockets, the sum of the receive buffer skrcvbuf, the send buffer sksndbuf, and a fixed constant may exceed the maximum value of a signed integer due to...

CVE-2025-58340

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/senddelts write operation, leading to kernel...

CVE-2026-25224

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...

CVE-2020-37085 VirtualTablet Server 3.0.2 - Denial of Service (PoC)

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...

CVE-2020-37085

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...

CVE-2020-37085 VirtualTablet Server 3.0.2 - Denial of Service (PoC)

VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the sendsay method, causing the server to become...

CVE-2020-37075 LanSend 3.2 - Buffer Overflow (SEH)

LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler SEH overwrite and execute shellcode when...

CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...

CVE-2026-25224

CVE-2026-25224 affects Fastify (Node.js). Before 5.7.3, a DoS can occur when a remote client sends a slow or non-reading request while the app returns a ReadableStream (or Web Stream) via reply.send(), causing unbounded buffering and possible memory exhaustion. Impact: server degradation or crash...

EUVD-2026-5158

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...

CVE-2025-58346

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/sendaddts write operation, leading to kernel...

SAMSUNG多款产品 安全漏洞

SAMSUNG Mobile Processor and SAMSUNG Wearable Processor are both products of South Korean company Samsung. The SAMSUNG Mobile Processor is a series of mobile processors. The SAMSUNG Wearable Processor is a series of wearable processors. Several SAMSUNG products have security vulnerabilities. Thes...

SunnySideSoft VirtualTablet Server 安全漏洞

SunnySideSoft VirtualTablet Server is a drawing board software developed by SunnySideSoft Corporation. Version 3.0.2 of SunnySideSoft VirtualTablet Server contains a security vulnerability. This vulnerability arises from a denial-of-service vulnerability in the sendsay method when sendinglong...

CVE-2025-58346

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/sendaddts write operation, leading to kernel...

CVE-2025-58340

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/senddelts write operation, leading to kernel...