Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50145)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50145 advisory. - macvlan: fix error recovery in macvlancommonnewlink Eric Dumazet Orabug: 39057366 CVE-2026-23209 - netfilter: nftables: fix inverted genmask che...

CVE-2026-29793

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch, update, remove. The transport layer performs no type...

EUVD-2026-10649

Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

CVE-2025-15576

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

CVE-2026-3038

The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

PT-2026-24224

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

PT-2026-24632

Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method get, patch, update, remove. The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId and land directly in the...

📄 usbmuxd 1.1.1-1 Path Traversal / Arbitrary File Write

A path traversal vulnerability exists in usbmuxd, a system daemon responsible for multiplexing USB connections to mobile devices. Due to insufficient validation and sanitization of file path inputs processed through its message-handling interface, a local attacker with access to the usbmuxd UNIX...

Linux Distros Unpatched Vulnerability : CVE-2025-13350

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8 GA retains the legacy AFUNIX garbage collector but backports upstream commit 8594d9b85c07 afunix: Don't call skbget for OOB skb. When orphaned...

Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞

The Microsoft Windows Ancillary Function Driver for WinSock is a supplementary function driver for Winsock developed by Microsoft Corporation. There is a resource management vulnerability present in the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit this...

EUVD-2026-10333

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

EUVD-2026-10334

The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...

EUVD-2026-10332

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

EUVD-2025-208410

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

EUVD-2025-208409

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

CVE-2026-2261

The CVE-2026-2261 issue affects blocklistd where a programming error leaks a socket descriptor per adverse event, eventually exhausting file descriptors. After a moderate number of leaks, the process cannot run the helper script because a forked child dereferences a null pointer and crashes, prev...