CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

CVE-2026-43916

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

CVE-2026-43916

Summary: pam_authnft is affected by a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134) that could allow a crafted NETLINK_SOCK_DIAG reply to bypass the message-size check and dereference past the end of the allocation. This vulnerability exists prior to version 0.2.0-alpha and is ...

CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

SUSE-SU-2026:1825-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix the following issue: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264449...

SUSE-SU-2026:21636-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264449. - CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present bsc1264450...

Exploit for Race Condition Enabling Link Following in Linuxfoundation Runc

CVE-2025-31133 Compose Build Lab This lab is a small PaaS sim...

PT-2026-40233

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

Dozzle's Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpointsbypasses authentication

Summary The WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables Cross-Site WebSocket Hijacking CSWSH — even when authentication is...

EUVD-2026-29033

Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...

VulnCheck KEV: CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

Linux kernel x25_queue_rx_frame function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfreeskb when allocskb fails in x25queuerxframe, which can be exploited b...

Exploit for Binding to an Unrestricted IP Address in Openprinting Cups-Browsed

dirtycups.py Dirty CUPS is a free Linux/Unix CVE scanner Pytho...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-017400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017400 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50257)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50257 advisory. - xfrm: esp: ipv4: fix up flags setting Greg Kroah-Hartman Orabug: 39342679 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags Kuan-Tin...