CVE-2026-42311 Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

SUSE CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

CVE-2026-8207

Gibbon up to version 30.0.01 is affected by an authenticated SQL injection via the Tracking/graphing feature in Tracking/graphing.php (line 145). Exploitation requires Teacher or higher privileges and can lead to unintended read/write access to the database. A fix is available in Gibbon v30.0.01;...

SUSE CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

Gibbon SQL注入漏洞

Gibbon is a school platform developed by the Gibbon team that addresses practical issues encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained an SQL injection vulnerability. This vulnerability stemmed from the misuse of the Tracking/graphing feature, allowing...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libcap (UTSA-2026-016785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016785 advisory. A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an...

PT-2026-39700

Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description A heap-based out-of-bounds write in the DHCPv6 implementation allows local attackers to execute arbitrary code with root privileges by sending a crafted DHCPv6 packet. A heap-based...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: unixODBC (UTSA-2026-017328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017328 advisory. An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed o...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017347 advisory. A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification...

SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)

Summary A path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target...

Directory Traversal

Overview SharpCompress is a compression library for NET Standard 2.0/2.1/NET 5.0 that can unrar, decompress 7zip, decompress xz, zip/unzip, tar/untar lzip/unlzip, bzip2/unbzip2 and gzip/ungzip with forward-only reading and file random access APIs. Affected versions of this package are vulnerable ...

GHSA-3258-QMV8-FRP3 free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

Summary free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab...

CVE-2026-7957

An out of bounds write flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496607380...

CVE-2026-7951

An out of bounds write flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496266456...

CVE-2026-7950

An out of bounds read and write flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496259890...

CVE-2026-7923

An out of bounds write flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500080194...

CVE-2026-7899

An out of bounds read and write flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505481948...

CVE-2026-43362

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability allows a remote attacker to cause data corruption. When an SMB client attempts to write data over an unstable connection, the in-place encryption process can lead to already encrypted data being re-sent...

GHSA-VRFH-RJ4Q-RMHR Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO

Read-Only Users Can Modify Collaborative Documents via Socket.IO Affected Component Socket.IO collaborative document editing handler: - backend/openwebui/socket/main.py lines 667-721, ydoc:document:update handler Affected Versions Current main branch and likely all versions with collaborative not...