CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

PT-2026-5648

A vulnerability in the lollms generation events.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The add events function registers event handlers such as generate text, cancel generation, generate msg, and generate msg from without...

CVE-2026-25253

OpenClaw aka clawdbot or Moltbot before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value...

CVE-2026-23016

In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this...

EUVD-2026-5078

In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this...

CVE-2026-23016 inet: frags: drop fraglist conntrack references

In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this...

Linux Distros Unpatched Vulnerability : CVE-2026-23016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in...

CLSA-2026-1769775296 nodejs: Fix of 3 CVEs

CVE-2025-59465: add default error handler to TLSSocket to prevent server crash when connection is abruptly destroyed during initialization - CVE-2025-59466: fix stack overflow exception handling in asynchooks to allow catching with try-catch instead of requiring uncaughtException handlers -...

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

kernel: Linux kernel: vsock vulnerability may lead to memory corruption

A flaw was found in the Linux kernel's vsock component. This vulnerability occurs when a connect operation on an already established socket is interrupted by a signal or timeout, causing the system to mishandle the socket's state. This incorrect handling can lead to a race condition, potentially...

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

kernel: Linux kernel: vsock vulnerability may lead to memory corruption

A flaw was found in the Linux kernel's vsock component. This vulnerability occurs when a connect operation on an already established socket is interrupted by a signal or timeout, causing the system to mishandle the socket's state. This incorrect handling can lead to a race condition, potentially...

kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

SUSE CVE-2026-22988

In the Linux kernel, the following vulnerability has been resolved: arp: do not assume devhardheader does not change skb-head arpcreate is the only devhardheader caller making assumption about skb-head being unchanged. A recent commit broke this assumption. Initialize @arp pointer after...

CVE-2026-24841 Dokploy Vulnerable to Authenticated Remote Code Execution via Command Injection in Docker Container Terminal WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint /docker-container-terminal. The containerId and activeWay parameters are directly interpolated into shell commands without...

php: PHP Hostname Null Character Vulnerability

A flaw was found in PHP. The fsockopen function and related functions fail to validate NULL characters within the provided hostname, potentially leading to unexpected behavior during parsing. This flaw allows a network attacker to supply a specially crafted hostname. This issue can result in a...

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...