EUVD-2026-32408

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because the cached vmcb12 is use...

CVE-2026-45987

CVE-2026-45987 affects the Linux kernel KVM/nSVM handling of nested VMs. After a VMRUN, nested_sync_control_from_vmcb02() syncs fields from vmcb02 to the cached vmcb12, which is supposed to be the authoritative copy for some controls. Specifically, int_state bit 0 (SVM_INTERRUPT_SHADOW_MASK) is w...

CVE-2026-45933 bpf: Preserve id of register in sync_linked_regs()

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in synclinkedregs synclinkedregs copies the id of knownreg to reg when propagating bounds of knownreg to reg using the off of knownreg, but when knownreg was linked to reg like: knownreg = reg ; both...

CVE-2026-40819 Unauthenticated SQLi in sync_data24 task

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40819

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32124

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40819 Unauthenticated SQLi in sync_data24 task

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the syncdata24 task due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

CVE-2026-46045

md/md-llbitmap: skip reading rdevs that are not insync...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

PT-2026-43894

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc clc wait msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc clc wait m...

Linux Distros Unpatched Vulnerability : CVE-2026-46069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mwifiex: fix use-after-free in mwifiexadaptercleanup The mwifiexadaptercleanup function uses timerdelete non-synchronous for the wakeuptimer before the...

PT-2026-43936

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix use-after-free in mwifiex adapter cleanup The mwifiex adapter cleanup function uses timer delete non-synchronous for the wakeup timer before the adapter structure is freed. This is incorrect because timer delet...

PT-2026-43912

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not in sync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raid disk...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the synclinked regs function in bpf. When this function copies the id of knownreg, it may cause a...

PT-2026-43944

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dma addr out must be synced with dma sync single for cpu instead of dma sync single for device. Using the wrong direction can return stale cac...

Linux Distros Unpatched Vulnerability : CVE-2026-45987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from...

systeminformation 操作系统命令注入漏洞

SystemInformation is a NPM software library developed by Sebastian Hildebrandt, which allows access to operating system information. Versions of SystemInformation from 4.17.0 to 5.31.5 contain a vulnerability related to operating system command injection. This vulnerability arises on Linux when t...