12605 matches found
CVE-2026-6386
In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it...
CVE-2026-6386 Missing large page handling in pmap_pkru_update_range()
In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it...
kernel: macvlan: fix error recovery in macvlan_common_newlink()
A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table (e.g., due to an invalid interface name), the hash entry still references the freed netdevice structure. Subsequent packets...
PT-2026-34468
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
WordPress plugin Table Manager information disclosure vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Zypento Blocks cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an oversight in the SCO backup settings table index in the btusb driver. This oversight may lead to...
PT-2026-34304
Name of the Vulnerable Software and Affected Versions: Zypento Blocks versions prior to 1.0.7. Description: The Zypento Blocks plugin for WordPress contains a Stored Cross-Site Scripting issue within the Table of Contents block. The front-end TOC rendering script reads heading text via innerText and...
PT-2026-34349
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The smb_grant_oplock() function in ksmbd contains two issues. First, a use-after-free occurs when opinfo is linked into ci->m_op_list before add_lease_global_list() is called; if the latter...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013636)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013636 advisory. In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table. get_kernel_nofault() does copy data in...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013431)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013431 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak. Memory is allocated for gpu_metrics_table i...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013593)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013593 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak. In check_acpi_tpm2(), we get the TPM2 tab...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013538)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013538 advisory. In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set ubuf->sg = NULL if the creation of sg table fails. When userspace tries to map the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013754)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013754 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut(). If cpu_dev fails to get opp table in...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013766)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013766 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak. The start and length of the event log area are...
GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser
A flaw was found in GStreamer. A remote attacker can exploit a heap-based buffer overflow vulnerability in the GStreamer JPEG parser by providing a specially crafted JPEG file. This issue is caused by improper validation of Huffman table lengths, which can lead to arbitrary code execution in the...
EUVD-2026-24157
October CMS: Reflected XSS via DataTable Form Widget...
GHSA-JJ38-H5W5-MVPF October CMS: Reflected XSS via DataTable Form Widget
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. Impact: reflected XSS only, no stored/persistent component; the backend URL prefix is customizable and must be known or guessed ...