SUSE CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

SUSE CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

SUSE CVE-2026-43131

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...

SUSE CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

SUSE CVE-2026-43463

In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpckernellookuppeer rxrpckernellookuppeer can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: 1 Changing...

CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

CVE-2026-8126

A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file postcomment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVE-2026-33811 vulnerabilities

Vulnerabilities for packages: hubble, buildkitd, sftpgo-plugin-geoipfilter, gatus, telegraf, undock, buildah, nova, sftpgo-plugin-auth, gitaly, spqr, keda, argo-workflows, kubernetes-csi-external-attacher, kubo, guac, tempo, nats, cloud-sql-proxy, dapr, ko, juicefs, secrets-store-csi-driver,...

CVE-2026-43474

A flaw was found in the Linux kernel's fuse filesystem. A local user could exploit an uninitialized value vulnerability when calling vfsfileattrget. This could potentially lead to information disclosure or system instability...

CVE-2026-43470

A flaw was found in the Network File System NFS implementation within the Linux kernel. When directories and files are created and removed concurrently with the same name, a race condition can occur. This can lead to the system attempting to perform file operations on a directory, resulting in a...

CVE-2026-43463

A flaw was found in the Linux kernel's rxrpc and afs components. The rxrpckernellookuppeer function, which is responsible for looking up remote procedure call RPC peers, can return error pointers that were not properly checked by its callers in the afs Andrew File System component. This improper...

CVE-2026-43454

A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability allows for duplicate device registration when handling network device registration notifications. Such duplicate registrations can lead to unexpected system behavior or instability...

CVE-2026-43453

A flaw was found in the Linux kernel's netfilter component, specifically within the nftsetpipapo module. The pipapodrop function performs a stack out-of-bounds read. This occurs when an argument is evaluated at the call site before the function body executes, leading to a read beyond the allocate...

CVE-2026-43448

A flaw was found in the Linux kernel's nvme-pci driver. A race condition exists in the nvmepollirqdisable function, where the device can be concurrently disabled by nvmeresetwork. This can lead to an unbalanced interrupt IRQ enable operation, resulting in a kernel warning. This issue may cause...

CVE-2026-43443

A flaw was found in the Advanced Linux Sound Architecture ALSA System on Chip ASoC AMD Audio CoProcessor ACP machine common driver within the Linux kernel. The acpcardrt5682init and acpcardrt5682sinit functions failed to validate the return values from clock acquisition calls. This oversight coul...

PT-2026-39415

Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1 Description A flaw in the 'mLogin' endpoint within the LoginController.java file of the jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ component allows for remote authorization...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol CVE-2025-38192 In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix possible invalid rdp's-nocbcbkthread pointer access CVE-2025-38704 In...

Photon OS 5.0: Linux PHSA-2026-5.0-0842

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0842. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Mysql PHSA-2026-5.0-0842

An update of the mysql package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0842. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

PT-2026-39401

A vulnerability was determined in Wavlink NU516U1 M16U1 V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp username/ppp passwd/rwan ip/rwan mask/rwan gateway is directly passed by the attacker/so we can control the ppp...