140 matches found
CVE-2026-46526
Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...
UBUNTU-CVE-2026-46023
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...
PT-2026-43887
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damos quota goal-nid for node mem used,free bp Patch series "mm/damon/core: validate damos quota goal-nid". node memcg used,free bp DAMOS quota goals receive the node id. The node id is used for si meminfo...
UBUNTU-CVE-2026-43424
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Fix NULL pointer dereferences in nexus handling The tpg-tpgnexus pointer in the USB Target driver is dynamically managed and tied to userspace configuration via ConfigFS. It can be NULL if the USB host sends...
SUSE CVE-2026-43076
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data isize during inode read When reading an inode from disk, ocfs2validateinodeblock performs various sanity checks but does not validate the size of inline data. If the filesystem is corrupted, an inode's...
CVE-2026-43169 drm/buddy: Prevent BUG_ON by validating rounded allocation
In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Prevent BUGON by validating rounded allocation When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power-of-two via rounduppowoftwo. Similarly, for non-contiguous allocations with lar...
CVE-2026-43076
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data isize during inode read When reading an inode from disk, ocfs2validateinodeblock performs various sanity checks but does not validate the size of inline data. If the filesystem is corrupted, an inode's...
CVE-2026-31779
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwlmvmndmatchinfohandler The memcpy function assumes the dynamic array notif-matches is at least as large as the number of bytes to copy. Otherwise, results-matches may...
CVE-2026-43047 HID: multitouch: Check to ensure report responses match the request
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious or clumsy device to respond to a specific report's feature request using a completely different report ID. This can cause confusio...
CVE-2026-43047
The CVE-2026-43047 issue concerns the Linux kernel HID multitouch subsystem. A malicious or misconfigured HID device could answer a feature request with a different report ID than requested, causing the HID core to misinterpret data and potentially trigger out-of-bounds writes. The bug is fixed b...
CVE-2026-43020
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...
CVE-2026-43013 net/mlx5: lag: Check for LAG device before creating debugfs
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: lag: Check for LAG device before creating debugfs mlx5lagdevaddmdev may return 0 success even when an error occurs that is handled gracefully. Consequently, the initialization flow proceeds to call mlx5ldevadddebugfs ev...
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...
CVE-2026-28402
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...
CVE-2026-23206 dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZEROSIZEPTR dereference when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc with ethsw-swattr.numifs as the element count. When the device reports zero interfaces...
CVE-2026-23183
CVE-2026-23183 affects the Linux kernel cgroup/dmem subsystem. The issue is a NULL pointer dereference when setting the max value, triggered by commands like echo test/region0 > dmem.max, which accesses an invalid region_name. Root cause per description is an insufficient validation after pars...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42160)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42160 advisory. - In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in...
CVE-2023-54240
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix possible NULL pointer dereference in mtkhwlrogetfdirall rulelocs is allocated in ethtoolgetrxnfc and the size is determined by rulecnt from user space. So rulecnt needs to be check before using...
CVE-2023-53988
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdrdeletede Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task...
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.18, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...