PT-2026-8211

In the Linux kernel, the following vulnerability has been resolved: net: cpsw new: Execute ndo set rx mode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6 ADD MEMBERSHIP and MCAST JOIN GROUP." removed the RTNL lock for IPV6 ADD MEMBERSHIP and MCAST JOIN GROUP...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cpswnew driver not executing the ndosetrxmode callback in the work queue, potentially leading...

Linux Distros Unpatched Vulnerability : CVE-2026-23203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: cpswnew: Execute ndosetrxmode callback in a work queue Commit 1767bb2d47b7 ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP. removed t...

Linux Distros Unpatched Vulnerability : CVE-2026-23181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: sync read disk super and set block size When the user performs a btrfs mount, the block device is not set correctly. The user sets the block size of the...

Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel bsc1249205. CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zer...

SUSE-SU-2026:0487-1 Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: - CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access bsc1249455. - CVE-2025-38352: posix-cpu-timers: fix race between...

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

Updated libpng packages fix security vulnerability

Heap buffer overflow in pngsetquantize when called with no histogram and a palette larger than twice the requested maximum number of colors. CVE-2026-25646...

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.55-i586-1slack15.0.txz: Upgraded. Fixed a high severity security issue: Heap buffer overflow in pngsetquantize. Reported a...

Prototype Pollution

Overview set-in is a set value of nested associative structure given array of keys Affected versions of this package are vulnerable to Prototype Pollution via the set-in function. An attacker can modify the prototype of built-in objects by supplying crafted input that leverages Array.prototype,...

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021

CVE-2026-26021 affects the npm package set-in (versions >=2.0.1,

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-26021 Prototype pollution in set-in

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVE-2026-1847

Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash...

set-in Affected by Prototype Pollution

Summary A prototype pollution vulnerability exists in the the npm package set-in =2.0.1. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

GHSA-2C4M-G7RX-63Q7 set-in Affected by Prototype Pollution

Summary A prototype pollution vulnerability exists in the the npm package set-in =2.0.1. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

SUSE CVE-2026-25646

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of...