SUSE CVE-2026-43238

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 "net: sched: support hash selecting tx queue" added SKBEDITFTXQSKBHASH support. The inclusive range size is computed as: mappingmod = queuemappingmax...

SUSE CVE-2026-43244

In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...

SUSE CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

CVE-2026-43281

A flaw was found in the Linux kernel. Specifically, within the mailbox subsystem, an out-of-bounds access vulnerability exists in the fwmboxindexxlate function. This issue arises when the device tree is configured with mbox-cells = and the associated mailbox controller does not provide fwxlate an...

Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

NETTY HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization | Field | Value | |-----------|-------| | Library | io.netty:netty-codec-http | | Component | codec-http — HttpObjectDecoder | | Severity | HIGH | | Affects | HEAD, commit 4f3533ae confirmed | --- Summary HttpObjectDecoder strips a...

CVE-2026-36388

A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...

Demystifying and Detecting Agentic Workflow Injection Vulnerabilities in GitHub Actions

GitHub Actions is increasingly used to deploy LLM-based agents for repository-centric tasks such as issue triage, pull-request review, code modification, and release assistance. These agentic workflows extend traditional CI/CD automation with agentic capabilities but also create a new injection...

PT-2026-38473

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

PT-2026-38596

Name of the Vulnerable Software and Affected Versions OpenStack Cyborg versions prior to 16.0.1 Description Multiple API endpoints use rule:allow check str='@' as the default policy, which unconditionally authorizes any request containing a valid Keystone token. This occurs regardless of the user...

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

Incus 代码问题漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the backup.GetInfo function’s trust inlining backup configurations, which allowed valid, inline configurations along with...

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

Linux Distros Unpatched Vulnerability : CVE-2026-43238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 net: sched: support hash selecting tx queue added SKBEDITFTXQSKBHASH support. Th...

CVE-2026-40213

OpenStack Cyborg before 16.0.1 is affected by CVE-2026-40213. The issue arises from a default policy rule (rule:allow with check_str='@') applied to multiple API endpoints, which unconditionally authorizes any request bearing a valid Keystone token regardless of user roles, project membership, or...

CVE-2026-42285

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when processing SETTINGS frames. If the value of SETTINGSMAXFRAMESIZE is set to 0, the...

PT-2026-38561

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Processing of HTTP/2 SETTINGS frames can lead to an infinite loop of writing CONTINUATION frames when a SETTINGS MAX FRAME SIZE with a value of 0 is received,...

CVE-2026-43267

A flaw was found in the rtw89 Wi-Fi driver within the Linux kernel. This vulnerability occurs when the beacon interval, a timing parameter used in Wi-Fi communication, is set to zero. This can lead to a division by zero error during subsequent calculations, potentially causing system instability ...

CLSA-2026-1778110872 xorg-x11-server-Xwayland: Fix of 3 CVEs

CVE-2024-0408: fix XSELinux crash by calling XACE hooks when creating GLX buffers - CVE-2025-49175: fix out-of-bounds read in animated cursor creation when client provides zero cursors - CVE-2025-49178: fix possible client request hang caused by leftover bytes-to-ignore when sharing input buffer...