CVE-2026-49102

Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...

CVE-2026-47119

CVE-2026-47119 concerns Agent Zero before version 1.15, which is affected by a stored XSS via the image_get API endpoint. The vulnerability arises when SVG files are served without proper headers (no Content-Security-Policy, X-Content-Type-Options, or Content-Disposition), allowing an attacker to...

CVE-2026-47119 Agent Zero < 1.15 Stored XSS via image_get API Endpoint

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

EUVD-2026-32524

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

CVE-2026-47119 Agent Zero < 1.15 Stored XSS via image_get API Endpoint

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

CVE-2026-47118

Agent Zero prior to 1.15 is affected by a path traversal vulnerability in the image_get API that allows unauthenticated attackers to read arbitrary files. The issue stems from relying solely on an extension allowlist while the path containment check is disabled, enabling requests for any file wit...

CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

CVE-2026-46101

In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...

CVE-2026-46024

In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in cephhandleauthreply If a message of type CEPHMSGAUTHREPLY contains a zero value for both protocol and result, this is currently not treated as an error. In case of ac-negotiating == tr...

CVE-2026-46013

In the Linux kernel, the following vulnerability has been resolved: mm/memfdluo: fix physical address conversion in putfolios cleanup In memfdluoretrievefolios's putfolios cleanup path: 1. khorestorefolio expects a physaddrt physical address but receives a raw PFN pfolio-pfn. This causes...

CVE-2026-46002

In the Linux kernel, the following vulnerability has been resolved: ext2: reject inodes with zero inlink and valid mode in ext2iget ext2iget already rejects inodes with inlink == 0 when imode is zero or idtime is set, treating them as deleted. However, the case of inlink == 0 with a non-zero mode...

CVE-2026-45968

In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45890

In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...

CVE-2026-45892

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIALVALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4splitextent with the EXT4EXTMAYZEROOUT and EXT4EXTDATAVALID2 flags set, it could...

UBUNTU-CVE-2026-45890

In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...

UBUNTU-CVE-2026-46002

In the Linux kernel, the following vulnerability has been resolved: ext2: reject inodes with zero inlink and valid mode in ext2iget ext2iget already rejects inodes with inlink == 0 when imode is zero or idtime is set, treating them as deleted. However, the case of inlink == 0 with a non-zero mode...

UBUNTU-CVE-2026-45889

In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...

UBUNTU-CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

UBUNTU-CVE-2026-45951

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...