EUVD-2026-27745

In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821devsetup Add releasememregion if ioremap fails to release the memory region obtained by cx25821getresources...

EUVD-2025-209671

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb-sfsinfo is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

CVE-2026-43233

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodechoice In decodechoice, the boundary check before getlen uses the variable len, which is still 0 from its initialization at the top of the function: unsigned int type, ext, len = ...

Security update for openexr

This update for openexr fixes the following issues: CVE-2026-40244: Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. CVE-2026-40250: Integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425. Patch Instructions: To install this SUSE update use...

SUSE-SU-2026:1712-1 Security update for openexr

This update for openexr fixes the following issues: - CVE-2026-40244: Integer overflow in DWA setupChannelData planarUncRle pointer arithmetic bsc1262426. - CVE-2026-40250: Integer overflow in DWA decoder outBufferEnd pointer arithmetic bsc1262425...

CVE-2026-43233

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodechoice In decodechoice, the boundary check before getlen uses the variable len, which is still 0 from its initialization at the top of the function: unsigned int type, ext, len = ...

CVE-2026-43196 soc: ti: pruss: Fix double free in pruss_clk_mux_setup()

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...

CVE-2026-43196

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...

CVE-2026-43183 media: cx25821: Fix a resource leak in cx25821_dev_setup()

In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821devsetup Add releasememregion if ioremap fails to release the memory region obtained by cx25821getresources...

CVE-2026-43183

In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821devsetup Add releasememregion if ioremap fails to release the memory region obtained by cx25821getresources...

CVE-2026-43183

In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821devsetup Add releasememregion if ioremap fails to release the memory region obtained by cx25821getresources...

PT-2026-37573

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the decode choice function within the nf conntrack h323 helper of the netfilter component. The issue occurs because the boundary check before calling get...

Linux Distros Unpatched Vulnerability : CVE-2026-43183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: cx25821: Fix a resource leak in cx25821devsetup Add releasememregion if ioremap fails to release the memory region obtained by cx25821getresources...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double deallocation in the prussclkmuxsetup function within the soc ti pruss code...

Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover

An unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. When the instance is still uninitialized, POST /api/install is reachable without authentication and accepts attacker-controlled bootstrap data. The handler sets the...

Linux Distros Unpatched Vulnerability : CVE-2026-43196

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls...

PT-2026-37523

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the cx25821 dev setup function. The issue occurs when ioremap fails, preventing the release of the memory region previously obtained by cx25821 get resources...

ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases

Impact Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...

CVE-2026-42221

Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable...

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

NPM: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...