EUVD-2026-32888

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in createspaceinfo error path When kobjectinitandadd fails, the call chain is: createspaceinfo - btrfssysfsaddspaceinfotype - kobjectinitandadd - failure - kobjectput&spaceinfo-kobj - spaceinforelease -...

CVE-2026-46128

In the Linux kernel, the following vulnerability has been resolved: ipmi: Check event message buffer response for bad data The event message buffer response data size got checked later when processing, but check it right after the response comes back. It appears some BMCs may return an empty...

CVE-2026-46124

CVE-2026-46124 affects the Linux kernel isofs filesystem. The vulnerability arises because isofs_fh_to_dentry/isofs_fh_to_parent pass an attacker-controlled block number from an NFS file handle to isofs_export_iget(), which only rejects block == 0 before calling isofs_iget and sb_bread. A crafted...

CVE-2026-46124

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

BIT-MOODLE-2022-50943 Moodle LMS 4.0 Cross-Site Scripting via course search.php

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 8.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

ntfs3: add buffer boundary checks to run_unpack()

...

ocfs2: split transactions in dio completion to avoid credit exhaustion

...

xfs: fix a resource leak in xfs_alloc_buftarg()

...

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

CVE-2026-44611

creationtimestamp| type| source ---|---|--- 2026-05-28 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-01...

CVE-2026-6824

creationtimestamp| type| source ---|---|--- 2026-05-28 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-05 2026-05-29 19:00:31+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmz7upfzmm27 2026-05-29 20:27:22+00:00| seen|...

CVE-2026-9038

creationtimestamp| type| source ---|---|--- 2026-05-28 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08 2026-05-28 22:13:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmx272ywxh2v...

CVE-2026-9037

creationtimestamp| type| source ---|---|--- 2026-05-28 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08 2026-05-28 21:26:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwxl2au522n...

CVE-2026-5386

creationtimestamp| type| source ---|---|--- 2026-05-28 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-06 2026-05-29 19:01:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmz7wtzwag27 2026-05-29 20:38:47+00:00| seen|...

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...