38316 matches found
SUSE CVE-2026-31569
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty EIOINTC's coremap in eiointcupdateswcoremap can be empty, currently we get a cpuid with -1 in this case, but we actually need 0 because it's similar as the case that...
SUSE CVE-2026-31603
In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division by zero in ps_to_hz ps_to_hz is called from hw_sm750_crtc_set_mode without validating that pixclock is non-zero. A zero pixclock passed via FBIOPUT_VSCREENINFO causes a division by zero. Fix by rejecting zer...
SUSE CVE-2026-31618
In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 "fbdev: fbpm2fb: Avoid potential divide by zero error", we also need to prevent that same crash from happening in the udlfb driver as it uses...
SUSE CVE-2026-31654
In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmapregion commit 605f6586ecf7 "mm/vma: do not leak memory when .mmapprepare swaps the file" handled the success path by skipping getfile via filedoesntneedget, but missed the error path. When /dev/zero...
PT-2026-35172
3/4 Nation-states already weaponizing it: • Chinese APT29 Cozy Bear chaining poisoned Terraform for gov/defense persistence • Russian GRU targeting CNAPP layers in EU energy/finance 🚨 Terraform Enterprise RCE zero-day CVE-2026-81234 actively exploited & just added to CISA KEV today!...
Linux Distros Unpatched Vulnerability : CVE-2026-31603
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - staging: sm750fb: fix division by zero in ps_to_hz ps_to_hz is called from hw_sm750_crtc_set_mode without validating that pixclock is non-zero. A zero pixclock passed v...
Linux Distros Unpatched Vulnerability : CVE-2026-31618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 fbdev: fbpm2fb: Avoid potential divide by zero error, we also need to...
Linux Distros Unpatched Vulnerability : CVE-2026-31685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ip6t_eui64: reject invalid MAC header for all packets eui64_mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low...
Linux Distros Unpatched Vulnerability : CVE-2026-31605
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 fbdev: fbpm2fb: Avoid potential divide by zero error, we also need to...
Linux Distros Unpatched Vulnerability : CVE-2026-31675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: sch_netem: fix out-of-bounds access in packet corruption In netem_enqueue, the packet corruption logic uses get_random_u32_below(skb_headlen(skb)) to select an...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the logic used in sch_netem for handling data packets. This logic uses an unconstrained random val...
zero-click-exploit-analysis
Zero-Click, Old Tricks Anatomy of the 2025 WhatsApp–ImageIO z...
CVE-2026-31654
A flaw was found in the Linux kernel. When a shared memory mapping is created for /dev/zero, a memory leak can occur if the virtual memory area (VMA) allocation fails. This happens because a newly allocated file, intended to back the mapping, is not properly released in the error path, leading to...
WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions <= 3.0.3...
CVE-2026-31618
A flaw was found in the Linux kernel's fbdev subsystem, specifically affecting the tdfxfb and udlfb drivers. This vulnerability allows a local attacker to trigger a divide-by-zero error when performing the FBIOPUT_VSCREENINFO operation. This can lead to a system crash, resulting in a Denial of...
CVE-2026-31605
A flaw was found in the Linux kernel's udlfb driver. A local user could exploit a divide-by-zero error when the system processes FBIOPUT_VSCREENINFO operations. This vulnerability can lead to a system crash, resulting in a Denial of Service (DoS)...
CVE-2026-31603
A flaw was found in the Linux kernel's sm750fb framebuffer driver. A local user can exploit this vulnerability by providing a specially crafted input with a zero pixclock value via the FBIOPUT_VSCREENINFO ioctl. This leads to a division-by-zero error in the ps_to_hz function, which can result in a...
CVE-2026-35348
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...
CVE-2026-42034
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https transport path). Oversized streamed uploads are sent fully even when the caller sets strict body limits...
CVE-2026-42034
CVE-2026-42034 affects Axios, a promise-based HTTP client for browser and Node.js. The vulnerability occurs in the HTTP adapter for stream request bodies: for versions prior to 1.15.1 and 0.31.1, maxBodyLength is bypassed when maxRedirects is set to 0 on the native http/https transport path, caus...