EUVD-2026-29037

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

CVE-2026-43500

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpcinputcallevent and the RESPONSE handler in rxrpcverifyresponse copy the skb to a linear one before calling into the security o...

CVE-2026-6433

The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...

BIT-GOLANG-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

CVE-2026-8272 D-Link DNS-320 webfile_mgr.cgi chown os command injection

A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfilemgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...

[SECURITY] Fedora 43 Update: dotnet10.0-10.0.107-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from operations on unknown code located in...

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability originated from an unknown portion of the...

Inbox Zero 信息泄露漏洞

Inbox Zero is an AI email assistant developed by Elie Steinbock. It automatically organizes the inbox, drafts responses, and manages schedules. Versions of Inbox Zero prior to 2.29.3 had a vulnerability related to information leakage. This vulnerability stemmed from the use of shared Redis...

Cowlib 注入漏洞

Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.6.0 of cowlib contains an injection vulnerability. This vulnerability arises from the program’s failure to properly filter CRLF sequences when processing events sent by the server, resulting in SSE...

Barebox 安全漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained security vulnerabilities. These vulnerabilities stemmed from the ext4fsiteratedir function in ext4 directory parsing, which did not verify that the length value of...

PT-2026-39851

Name of the Vulnerable Software and Affected Versions barebox versions prior to 2026.04.0 Description A denial-of-service issue exists in the ext4 directory parsing within fs/ext4/ext4 common.c. The ext4fs iterate dir function does not validate that directory entry length values are non-zero. An...

GhostLock: SMB Deny-Share Handles As a Zero-Privilege Availability Weapon

GhostLock demonstrates that a low-privileged Windows domain user with standard read access to an SMB share can produce ransomware-equivalent organizational availability impact with zero writes, zero encryption, and zero signals in every behavioral defense the modern enterprise security stack...

PT-2026-39715

Name of the Vulnerable Software and Affected Versions Inbox Zero versions prior to 2.29.3 Description The cleaner email stream endpoint used a shared Redis subscription listener. This configuration could result in thread events for one authenticated account being delivered to another authenticate...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017779 advisory. A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because ...

Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017782)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017782 advisory. A SIGFPE signal is raised in the function applyfilters of h5repackfilters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file,...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017523 advisory. A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in t...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017538)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017538 advisory. A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form...