12215 matches found
PT-2026-41182
Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.8 Description A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...
CVE-2026-43481
In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...
CVE-2026-43481 net-shapers: don't free reply skb after genlmsg_reply()
In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...
CVE-2026-43481
In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...
CVE-2026-39806
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':doreadchunkeddata!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...
SUSE CVE-2026-43371
In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...
SUSE CVE-2026-43457
In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev-allowrx' is false, the newly allocated skb isn't consumed by netifrx, it needs to free the skb directly...
CVE-2026-42889 Relay Server WebSocket authentication bypass when token is omitted
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...
EUVD-2026-29603
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
EUVD-2026-29515
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...
CVE-2026-34345
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-42498
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...
CVE-2026-42498
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...
CVE-2026-42498
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-43916
Summary: pam_authnft is affected by a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134) that could allow a crafted NETLINK_SOCK_DIAG reply to bypass the message-size check and dereference past the end of the allocation. This vulnerability exists prior to version 0.2.0-alpha and is ...
CVE-2026-43916
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...