38355 matches found

Tenable Nessus
added 2026/04/07 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode Page recycling was...

CVSS 7.5, AI score 5.7, EPSS 0.00343
Exploits 0, References 2
Tenable Nessus
added 2026/04/07 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-3902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an...

CVSS 7.5, AI score 5.5, EPSS 0.00436
Exploits 0, References 2
Positive Technologies
added 2026/04/07 12:0 a.m., 6 views

PT-2026-30816

Name of the Vulnerable Software and Affected Versions Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2 Description Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...

CVSS 8.5, AI score 5.6, EPSS 0.00228
Exploits 0, References 8
CNNVD
added 2026/04/07 12:0 a.m., 8 views

Apache Cassandra Security Vulnerability

Apache Cassandra is a distributed NOSQL database developed by the Apache Foundation in the United States. Version 5.0 of Apache Cassandra contains a security vulnerability. This vulnerability stems from improper permission allocation when using MutualTlsAuthenticator in an mTLS environment, which...

CVSS 8.8, AI score 5.8, EPSS 0.00263
Exploits 0, References 2
Positive Technologies
added 2026/04/07 12:0 a.m., 6 views

PT-2026-30922

Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk update. This vulnerability is fixed in 16.14.0 and 15.104.0...

CVSS 9.3, AI score 5.9, EPSS 0.0026
Exploits 0, References 2
Amazon
added 2026/04/07 12:0 a.m., 6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata CVE-2025-71265 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indx_find to avoid...

CVSS 9.8, AI score 5.7, EPSS 0.00812
Exploits 1
Nvidia
added 2026/04/07 12:0 a.m., 4 views

Security Bulletin: NVIDIA DALI - April 2026

NVIDIA has released a software update for NVIDIA® DALI. To protect your system, update this software to version 2.0 or later by following the DALI installation instructions or clone the NVIDIA/DALI GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential...

CVSS 7.3, AI score 6.3, EPSS 0.00258
Exploits 0, Affected Software 1
Positive Technologies
added 2026/04/07 12:0 a.m., 2 views

PT-2026-30943

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in ChurchCRM's SettingsIndividual.php where user-controlled array keys from the type POST parameter are used directly in SQL queries without sanitization. This allows any authenticated user ...

CVSS 8.8, AI score 6, EPSS 0.0003
Exploits 0, References 2
Redos
added 2026/04/07 12:0 a.m., 3 views

ROS-20260407-73-0027

A vulnerability in the x86/cpu/hygon component of the Linux operating system kernel is related to the lack of division by zero check. Exploitation of the vulnerability allows an attacker to cause denial of service...

CVSS 5.5, AI score 6.1, EPSS 0.00159
Exploits 0
NVD
added 2026/04/06 10:16 p.m., 6 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

CVSS 9.3, EPSS 0.00169
Exploits 0, References 1
ATTACKERKB
added 2026/04/06 9:38 p.m., 2 views

CVE-2026-35471

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3...

CVSS 9.8, AI score 7.2, EPSS 0.00683
Exploits 1, References 2, Affected Software 1
EUVD
added 2026/04/06 9:31 p.m., 5 views

EUVD-2026-19406

Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt...

CVSS 6.2, AI score 5.9, EPSS 0.00012
Exploits 0, References 4
OSV
added 2026/04/06 9:31 p.m., 1 view

GHSA-6JWV-W5XF-7J27 Withdrawn Advisory: go.etcd.io/bbolt affected by index out-of-range vulnerability

Withdrawn Advisory This advisory has been withdrawn because its CVE Numbering Authority has determined this issue to be a false positive. This link is maintained to preserve external references. Original Description Index out-of-range when encountering a branch page with zero elements in...

CVSS 6.2, AI score 5.7, EPSS 0.00012
Exploits 0, References 5
Github Security Blog
added 2026/04/06 9:31 p.m., 4 views

Withdrawn Advisory: go.etcd.io/bbolt affected by index out-of-range vulnerability

Withdrawn Advisory This advisory has been withdrawn because its CVE Numbering Authority has determined this issue to be a false positive. This link is maintained to preserve external references. Original Description Index out-of-range when encountering a branch page with zero elements in...

AI score 5.7, EPSS 0.00012
Exploits 0, References 5, Affected Software 1
Cvelist
added 2026/04/06 8:48 p.m., 19 views

CVE-2026-35392 goshs has an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...

CVSS 9.8, EPSS 0.00683
Exploits 1, References 1
OSV
added 2026/04/06 8:16 p.m., 2 views

UBUNTU-CVE-2026-35172

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...

CVSS 7.5, AI score 5.8, EPSS 0.00286
Exploits 1, References 3
ATTACKERKB
added 2026/04/06 7:21 p.m., 1 view

CVE-2026-35184

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

CVSS 8.7, AI score 5.9, EPSS 0.0035
Exploits 1, References 5, Affected Software 1
EUVD
added 2026/04/06 7:21 p.m., 3 views

EUVD-2026-19468

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

CVSS 8.7, AI score 5.9, EPSS 0.0035
Exploits 1, References 4
Cvelist
added 2026/04/06 7:21 p.m., 14 views

CVE-2026-35184 EcclesiaCRM has a Critical SQL Injection

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

CVSS 8.7, EPSS 0.0035
Exploits 1, References 4
NVD
added 2026/04/06 7:16 p.m., 2 views

CVE-2026-33817

Rejected reason: CVE confirmed to be a false positive...

EPSS 0.00012
Exploits 0