PT-2026-45368

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbash command="echo value: dag run.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

CVE-2026-37222

FlexRIC v2.0.0 contains a vulnerability where the stack asserts exact Information Element (IE) counts in decoded E2AP messages instead of validating against protocol ranges. An unauthenticated remote attacker can send a valid E2AP PDU (for example, an E2setupRequest with extra optional fields) th...

FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from handling RICINDICATION messages that do not contain the ranfuncid field, causing an assert to be triggered or null pointer...

Patcher: Post-Hoc Patching of Backdoored Large Language Models

Large language models remain vulnerable to jailbreak backdoor attacks, where adversaries poison safety alignment data to embed hidden triggers that bypass safety mechanisms. Existing defenses often require comprehensive attack information or multiple triggered examples, making them impractical wh...

dnssec-trigger bug fix update

An update is available for dnssec-trigger. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list dnssec-trigger reconfigures the local Unbound DNS server after each...

EUVD-2026-33376

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

Linux Distros Unpatched Vulnerability : CVE-2026-46157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which ma...

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/download/ Version: ImageMagick 7.x...

PT-2026-44939

Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.102.2 Description A malicious ZIP archive imported with safe import enabled can lead to remote code execution RCE and cross-site scripting XSS. This occurs by combining a payload note type: code, mime:...

CVE-2026-45718

Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...

CVE-2026-48151

Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the bo...

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

CVE-2026-46157

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA Pulse Code Modulation PCM Open Sound System OSS subsystem. A data race vulnerability exists due to concurrent access to the runtime.oss.trigger field without proper protection. This unprotected access can lead to the...

CVE-2026-46157

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...

UBUNTU-CVE-2026-46157

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...

EUVD-2026-32784

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...

CVE-2026-46157

The CVE-2026-46157 entry concerns the ALSA PCM OSS subsystem in the Linux kernel, where runtime.oss.trigger could be accessed concurrently without protection, causing a data race on a bit field and risking corruption of adjacent fields. The issue is addressed by extending the existing params_lock...

CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...

CVE-2026-46157

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it may lead to more sever...

EUVD-2026-32876

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARNON in manaibcreateqprss Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARNON then go on to corrupt the kernel. Just...