6017 matches found

CVE
added 1 hour ago, 14 views

CVE-2026-55441

CVE-2026-55441 affects the Mise toolchain. The root cause is that, prior to 2026.6.4, task-include files loaded from directories without config files bypass trust checks and render task fields with a Terraform-like template engine that registers an exec() function. If a directory contains a task-...

8.6 CVSS, 5.9 AI score
Exploits: 0, References: 1
Nuclei
added 15 hours ago, 30 views

Simple Task Managing System v1.0 - SQL Injection

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries. id:...

9.8 CVSS, 7.4 AI score, 0.20693 EPSS
Exploits: 5, References: 5
CVE
added yesterday, 8 views

CVE-2026-56768

Vulnerability summary (CVE-2026-56768) Seahub versions before 13.0.23 fail to enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated access when a folder share-link token is present. An attacker can call the GET endpoint to obtain a fileserver zip token ...

8.8 CVSS, 5.9 AI score
Exploits: 0, References: 5
EUVD
added yesterday, 4 views

EUVD-2026-39443

The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-39254

In the Linux kernel, the following vulnerability has been resolved: locking/rtmutex: Skip remove_waiter when waiter is not enqueued syzbot triggered the following splat in remove_waiter via FUTEX_CMP_REQUEUE_PI: KASAN: null-ptr-deref in range 0x0000000000000a88-0x0000000000000a8f...

5.7 AI score, 0.00173 EPSS
Exploits: 0, References: 3
EUVD
added 2 days ago, 5 views

EUVD-2026-38858

In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...

5.7 AI score, 0.00175 EPSS
Exploits: 0, References: 5
EUVD
added 2 days ago, 4 views

EUVD-2026-38814

In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in send_sigio and send_sigurg when a process group receives a signal. When FASYNC is configured for a proces...

5.8 AI score, 0.00184 EPSS
Exploits: 0, References: 9
EUVD
added 2 days ago, 3 views

EUVD-2026-38953

In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded task_vma iterator The open-coded task_vma iterator reads task->mm locklessly and acquires mmap_read_trylock but never calls mmget. If the task exits concurrently, the mm_struct can be freed as it is...

5.7 AI score, 0.00156 EPSS
Exploits: 0, References: 4
CVE
added 2 days ago, 5 views

CVE-2026-52946

The CVE-2026-52946 entry concerns the Linux kernel and describes a SOFTIRQ-unsafe lock order deadlock in the fasync signaling path (send_sigio and send_sigurg) when FASYNC is enabled for a process group. The concrete remediation is to replace the use of tasklist_lock with rcu_read_lock() to trave...

5.8 AI score, 0.00184 EPSS
Exploits: 0, References: 8
OSSF Malicious Packages
added 3 days ago, 5 views

Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9 AI score
Exploits: 0, References: 4
OSV
added 3 days ago, 3 views

MAL-2026-6357 Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9 AI score
Exploits: 0, References: 4
Github Security Blog
added 3 days ago, 8 views

Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository

Summary mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/, .mise/tasks/, … but no config file, mise falls back to the default includes and...

8.6 CVSS, 6 AI score
Exploits: 0, References: 2, Affected Software: 1
NVD
added 3 days ago, 5 views

CVE-2026-49444

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

8.5 CVSS, 0.00439 EPSS
Exploits: 0, References: 1
CVE
added 3 days ago, 15 views

CVE-2026-49444

CVE-2026-49444 affects n8n prior to versions 1.123.48, 2.21.8, and 2.22.4 where an authenticated user with permission to create/modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. The issue is fixed in 1.123.48...

8.5 CVSS, 6.5 AI score, 0.00439 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 3 days ago, 30 views

CVE-2026-49444 n8n: Python sandbox escape

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

7.1 CVSS, 0.00439 EPSS
Exploits: 0, References: 1
RedHat Linux
added 4 days ago, 5 views

kernel: exit: prevent preemption of oopsing TASK_DEAD task

A flaw was found in the Linux kernel. During the exit process of a task that has encountered an error, the system can incorrectly allow the task to be interrupted. This can lead to improper management of the task's memory, potentially causing memory corruption. Such an issue could allow a local...

7.8 CVSS, 5.8 AI score, 0.00126 EPSS
Exploits: 0, References: 5
RedHat Linux
added 4 days ago, 3 views

kernel: exit: prevent preemption of oopsing TASK_DEAD task

A flaw was found in the Linux kernel. During the exit process of a task that has encountered an error, the system can incorrectly allow the task to be interrupted. This can lead to improper management of the task's memory, potentially causing memory corruption. Such an issue could allow a local...

7.8 CVSS, 5.8 AI score, 0.00126 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 4 days ago, 5 views

RHEL 9 : kernel (RHSA-2026:27713)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27713 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nf_conntrack_h323:...

9.8 CVSS, 6.3 AI score, 0.00514 EPSS
Exploits: 0, References: 18
RedHat Linux
added 6 days ago, 9 views

kernel: exit: prevent preemption of oopsing TASK_DEAD task

A flaw was found in the Linux kernel. During the exit process of a task that has encountered an error, the system can incorrectly allow the task to be interrupted. This can lead to improper management of the task's memory, potentially causing memory corruption. Such an issue could allow a local...

7.8 CVSS, 6.5 AI score, 0.00126 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 6 days ago, 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without...

8.8 CVSS, 6 AI score, 0.00231 EPSS
Exploits: 0, References: 2