CVE-2026-31659

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

EUVD-2026-25552

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

CVE-2026-31599

CVE-2026-31599 concerns a flaw in the Linux kernel vidtv driver where vidtv_pmt_stream_init can return NULL and the caller (vidtv_channel_pmt_match_sections) does not check for this, leading to a NULL pointer dereference in vidtv_psi_desc_assign and a general protection fault. The fixes add a NUL...

CVE-2026-31599

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtvchannelpmtmatchsections syzbot reported a general protection fault in vidtvpsidescassign 1. vidtvpsipmtstreaminit can return NULL on memory allocation failure, but...

EUVD-2026-25439

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bonddebugrlbhashshow rlbclearslave intentionally keeps RLB hash-table entries on the rxhashtblusedhead list with slave set to NULL when no replacement slave is available. However,...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the vidtv driver’s function vidtvchannelpmtmatchsections. This function does not check the NULL pointer...

Saltcorn SQL注入漏洞

Saltcorn is an open-source, scalable, and code-free database application builder developed by Saltcorn. Versions prior to Saltcorn 1.4.6, 1.5.6, and 1.6.0-beta.5 have a SQL injection vulnerability. This vulnerability stems from the SQL injection in Saltcorn’s mobile-sync routing mechanism, allowi...

SUSE SLES15 Security Update : libraw (SUSE-SU-2026:1556-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1556-1 advisory. - CVE-2026-5342: out-of-bounds read via LibRaw::nikonloadpaddedpackedraw bsc1261499. - CVE-2026-20884: integer overflow and heap...

PT-2026-34952

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the arm64 architecture, the kernel fails to correctly handle invalid large leaf mappings. This occurs when page table entries ptes in the linear map are marked as invalid by clearing...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2025-38234: sched/rt: Fix race in pushrttask bsc1246057. CVE-2026-23103: ipvlan: Make the addrslock be per port bsc1257773. CVE-2026-23243: RDMA/umad: Reject...

SUSE-SU-2026:1575-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38234: sched/rt: Fix race in pushrttask bsc1246057. - CVE-2026-23103: ipvlan: Make the addrslock be per port bsc1257773. - CVE-2026-23243: RDMA/umad:...

EUVD-2026-25205

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVE-2026-3960 Remote Code Execution in h2oai/h2o-3

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVE-2026-3960

CVE-2026-3960 is a remote code execution in H2O-3 prior to 3.46.0.10 via the unauthenticated REST endpoint /99/ImportSQLTable. The issue stems from a MySQL-focused parameter blacklist that can be bypassed by switching the JDBC URL to a PostgreSQL URL (e.g., using socketFactory/socketFactoryArg pa...

module: Fix kernel panic when a symbol st_shndx is out of bounds

...

s390/syscalls: Add spectre boundary for syscall dispatch table

...

Bluetooth: btusb: clamp SCO altsetting table indices

...