9416 matches found
CVE-2026-23333
Removed by vendor...
CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: validate open interval overlap. Upstream commit 648946966a08e4cb1a71619e3d1b12bd7642de7b. Open intervals do not have an end element, in particular an open interval at the end of the set is hard to validate...
CVE-2026-23333
CVE-2026-23333 affects the Linux kernel netfilter nft_set_rbtree interval validation for open intervals. The issue concerned validation of open-ended intervals in a set; a new field (flag) in struct nft_set_elem was added to mark the last element in an add/delete command, enabling detection of pa...
CVE-2026-23309
CVE-2026-23309 refers to a Linux kernel vulnerability in the tracing subsystem. The issue was a NULL pointer dereference in trigger_data_free() when data->cmd_ops->set_filter is evaluated after a failed trigger_data_alloc() and returning NULL. The root cause was that trigger_data_free() did...
CVE-2026-23303
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds. When debug logging is enabled, cifs_set_cifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...
CVE-2026-23303
The CVE-2026-23303 vulnerability affects the Linux kernel SMB client: when logging is enabled, cifs_set_cifscreds can emit plaintext credentials (username/password) to logs. The issue is fixed by removing the debug log, preventing credential exposure. The connected advisories confirm the flaw exi...
CVE-2026-23297
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit. syzbot reported memory leak of struct cred. [0] nfsd_nl_threads_set_doit passes get_current_cred to nfsd_svc, but put_cred is not called after that. The cred is finally passed down to...
Linux Distros Unpatched Vulnerability : CVE-2026-23351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase. Yiming Qian reports...
PT-2026-27750
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clone set on flush only. Syzbot with fault injection triggered a failing memory allocation with GFP_KERNEL which results in a WARN splat: iter.err WARNING: net/netfilter/nf_tables_api.c:845 at nft map...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the setnewpassword function using hexadecimal to dump plaintext password data, potentially leading to...
Linux Distros Unpatched Vulnerability : CVE-2026-23333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nft_set_rbtree: validate open interval overlap. Open intervals do not have an end element, in particular an open interval at the end of the set is hard ...
CVE-2026-33509 pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...
Malicious code in chai-set (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28dfa5b2cccd6b50e33c5fbb98357210b6eeac23c9764183693b3eb74da40f44 The package chai-set was found to contain malicious code...
MAL-2026-2342 Malicious code in chai-set (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 28dfa5b2cccd6b50e33c5fbb98357210b6eeac23c9764183693b3eb74da40f44 The package chai-set was found to contain malicious code...
CVE-2026-33649 AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/Permissions/setPermission.json.php endpoint accepts GET parameters for a state-changing operation that modifies user group permissions. The endpoint has no CSRF token validation, and the application...
CVE-2026-33297 AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...
EUVD-2026-14389
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...
Access Control Bypass
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Access Control Bypass due to incomplete enforcement of access control checks on PUT operations to the...
GHSA-4PGC-GFRR-WCMG Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...
CVE-2026-4628
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...