CVE-2026-46276 drm/amdgpu: fix zero-size GDS range init on RDNA4

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...

EUVD-2026-35141

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...

CVE-2026-46276

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...

CVE-2026-46276

The CVE-2026-46276 entry describes a Linux kernel fix in the AMDGPU driver for RDNA4 (GFX 12). The issue occurred when RDNA4 hardware absence of on‑chip GDS/GWS/OA resources left their sizes at zero; the amdgpu_ttm_init() path called amdgpu_ttm_init_on_chip() unconditionally, which forwarded a ze...

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

EUVD-2026-35088

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-29167

CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....

WordPress WP Meta Sort Posts plugin <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin WP Meta Sort Posts versions = 0.9...

SUSE-SU-2026:2300-1 Security update for mutt

This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. - CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. - CVE-2026-43861: missing check for \0 in urlpctdecode...

CVE-2026-48103

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...

CLEANSTART-2026-RE02723 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 6.1.0-r0, 6.1.0-r1, 6.1.0-r2, 6.1.0-r3, 6.1.0-r4

Multiple security vulnerabilities affect the kubernetes-csi-external-provisioner-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

EUVD-2026-21581

GeoNode contains a server-side request forgery vulnerability in the service registration endpoint...

EUVD-2026-35053

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

CVE-2026-11506 CodeAstro Leave Management System search_staff_for_deletion.php sql injection

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1787)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1787 advisory. An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data befor...

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3328 (ALAS-2026-3328)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3328 advisory. An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the...

Code-Projects Simple Flight Ticket Booking System 注入漏洞

Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the code-projects Simple Flight Ticket Booking System has a vulnerability due to incorrect handling of the Username parameter in the POST Parameter Handler...

PT-2026-47348

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the drm/amdgpu component where the kernel crashes during the modprobe of the amdgpu driver on RDNA4 GFX 12 hardware, such as the RX 9070 XT. This occurs because the amdg...

Medium: gstreamer1-plugins-good

Issue Overview: An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by...

Important: dotnet9.0

Issue Overview: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Affected Packages:...