175414 matches found

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43750

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A resource leak exists in the sca3000 probe function. The spi-irq requested via request threaded irq is not released if the iio device register function fails.
Recommendations: At the...

AI score: 5.4 • EPSS: 0.00032
Exploits: 0 • References: 17

Positive Technologies • added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43687

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: An issue exists in the Smack access control module where writing a previously used value to the '/smack/doi' endpoint disables networking for non-ambient labels. This occurs because the...

AI score: 5.4 • EPSS: 0.00032
Exploits: 0 • References: 17

Positive Technologies • added 2026/05/27 12:0 a.m. • 4 views

PT-2026-43724

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A null pointer dereference occurs in the scsi csiostor component. When the variable rn is NULL, the error exit path triggers a dereference of rn through the use of the CSIO INC STATS...

AI score: 5.4 • EPSS: 0.00032
Exploits: 0 • References: 17

Positive Technologies • added 2026/05/27 12:0 a.m. • 5 views

PT-2026-43735

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A reference count leak occurs in the pcs add gpio func function. The of parse phandle with args function returns a device node pointer with an incremented reference count in gpiospec.np...

AI score: 5.4 • EPSS: 0.00032
Exploits: 0 • References: 17

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43839

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A Use-After-Free (UAF) and double free issue exists in the SMB client. The problem occurs within the smb2 open file function when retrying SMB2 open. If the data variable is not null, a UA...

CVSS: 9.8 • AI score: 5.4 • EPSS: 0.00072
Exploits: 0 • References: 15

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43613

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system tag view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS: 7.1 • AI score: 5.9 • EPSS: 0.00039
Exploits: 0 • References: 2

Positive Technologies • added 2026/05/27 12:0 a.m. • 8 views

PT-2026-44023

Name of the Vulnerable Software and Affected Versions: Adminimize versions prior to 1.11.12
Description: A missing authorization issue in WP Media Adminimize allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system...

CVSS: 4.3 • AI score: 5.8 • EPSS: 0.00028
Exploits: 0 • References: 5

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43782

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: Corrupted FAT images can cause a directory inode to have an incorrect i nlink value. When the rmdir operation is performed, it unconditionally calls the drop nlink function, which can...

AI score: 5.5 • EPSS: 0.00032
Exploits: 0 • References: 17

Positive Technologies • added 2026/05/27 12:0 a.m. • 11 views

PT-2026-43840

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload. During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

AI score: 5.8 • EPSS: 0.00023
Exploits: 0 • References: 5

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43758

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A double-free issue exists in the hns3 network driver. In the hns3 set ringparam function, a temporary copy tmp rings of the ring structure is created for rollback purposes, but the tx...

AI score: 5.6 • EPSS: 0.00032
Exploits: 0 • References: 16

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43851

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A use-after-free issue exists in the gfs2 iomap inline data write path. The inline data buffer head dibh is released prematurely in the gfs2 iomap begin function via release metapath,...

CVSS: 7.8 • AI score: 5.6 • EPSS: 0.00013
Exploits: 0 • References: 17

Positive Technologies • added 2026/05/27 12:0 a.m. • 11 views

PT-2026-43816

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A race condition exists in the hardware random number generator (hwrng) core. The hwrng fill pointer is not cleared until the hwrng fillfn thread exits. Because hwrng unregister reads hwrn...

AI score: 5.5 • EPSS: 0.00023
Exploits: 0 • References: 13

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43523

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem video' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the video...

CVSS: 6.4 • AI score: 6 • EPSS: 0.00032
Exploits: 0 • References: 5

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43821

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A memory leak occurs in the au1200fb drv probe function within the fbdev au1200fb component. The issue is triggered when the platform get irq function fails, causing the system to return...

AI score: 5.5 • EPSS: 0.00032
Exploits: 0 • References: 17

Positive Technologies • added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43760

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A flaw exists in the AppArmor module where table creation from source blobs originating in userspace may involve unaligned memory accesses. This issue occurs because the source blob migh...

AI score: 5.4 • EPSS: 0.00023
Exploits: 0 • References: 13

Positive Technologies • added 2026/05/27 12:0 a.m. • 6 views

PT-2026-43998

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions addupdatedelete.inc.php...

AI score: 6.2 • EPSS: 0.00328
Exploits: 0 • References: 3

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-44061

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.39.0
Description: An issue exists in the open-source low-code platform where the '/api/public/v1/roles/assign' endpoint is guarded by the builderOrAdmin middleware. This middleware allows any user who is a builder f...

CVSS: 9 • AI score: 5.8 • EPSS: 0.00064
Exploits: 0 • References: 8

Positive Technologies • added 2026/05/27 12:0 a.m. • 4 views

PT-2026-44058

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.35.4
Description: The buildMatcherRegex and matches functions in packages/backend-core/src/middleware/matchers.ts compile route patterns into unanchored regular expressions and test them against ctx.request.url, whi...

CVSS: 6.5 • AI score: 5.9 • EPSS: 0.00014
Exploits: 0 • References: 5

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43537

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostats manage function. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS: 4.3 • AI score: 5.7 • EPSS: 0.00013
Exploits: 0 • References: 4

Positive Technologies • added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43480

Name of the Vulnerable Software and Affected Versions: Tanium Connect affected versions not specified
Description: An issue in Tanium Connect allows for unauthorized code execution.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabili...

CVSS: 8.8 • AI score: 5.9 • EPSS: 0.00083
Exploits: 0 • References: 5

Positive Technologies • added 2026/05/27 12:0 a.m. • 5 views

PT-2026-44657

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216
Description: A use after free issue in Core allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after free is...

CVSS: 9.6 • AI score: 5.8 • EPSS: 0.00156
Exploits: 0 • References: 156

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43895

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: An issue exists in the algif aead component where AF ALG AEAD AIO requests utilize a socket-wide IV (Initialization Vector) buffer during processing. For asynchronous requests, subsequent...

AI score: 5.9 • EPSS: 0.00032
Exploits: 0

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-44665

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216
Description: A use after free issue exists in the PDF component, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted PDF file. Use after free ...

CVSS: 9.6 • AI score: 6.2 • EPSS: 0.00156
Exploits: 0 • References: 156

Positive Technologies • added 2026/05/27 12:0 a.m. • 6 views

PT-2026-43677

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: The slhc uncompress function parses VJ-compressed TCP headers by advancing a pointer through the packet using decode and pull16. These helper functions do not perform bounds-checks again...

CVSS: 9.1 • AI score: 5.9 • EPSS: 0.00072
Exploits: 0 • References: 376

Positive Technologies • added 2026/05/27 12:0 a.m. • 5 views

PT-2026-43994

Name of the Vulnerable Software and Affected Versions: libjxl version 0.12.0
Description: A heap buffer overflow occurs when processing crafted PBM images. The issue is located in the jxl::extras::DecodeImagePNM function within the lib/extras/dec/pnm.cc file.
Recommendations: Update libjxl to the...

CVSS: 7.3 • AI score: 5.7 • EPSS: 0.00055
Exploits: 0 • References: 20

Positive Technologies • added 2026/05/27 12:0 a.m. • 5 views

PT-2026-43879

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
Description: A memory leak occurs in the rxkad verify response function within the rxrpc component. The issue arises when the ticket and...

CVSS: 9.8 • AI score: 6.2 • EPSS: 0.00254
Exploits: 12 • References: 281

Positive Technologies • added 2026/05/27 12:0 a.m. • 6 views

PT-2026-43907

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A watch count leak occurs in the inotify system when the fsnotify add inode mark locked function fails within inotify new watch. In this scenario, the error path executes inotify remove...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 284

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43906

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1
Description: An integer overflow can occur in the rxgk extract token function when checking the length of a ticket. This happens because the system rounds up the value being tested, which may lead to an...

CVSS: 9.8 • AI score: 6.1 • EPSS: 0.00254
Exploits: 12 • References: 279

Positive Technologies • added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43870

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
Description: The nameserver in the Qualcomm Router (qrtr) network subsystem does not limit the number of nodes it handles. A malicious clie...

CVSS: 9.8 • AI score: 6 • EPSS: 0.00254
Exploits: 12 • References: 281

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43905

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
Description: A memory leak occurs in the QualComm Rapid Transport (QRTR) nameserver. When a node sends a BYE packet indicating it is going...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 281

Positive Technologies • added 2026/05/27 12:0 a.m. • 12 views

PT-2026-43878

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1
Description: A use-after-free issue exists in the mtk jpeg release function. The function frees the context structure ctx without cancelling pending or running work in ctx-jpeg work. This creates a race...

CVSS: 9.8 • AI score: 5.8 • EPSS: 0.00254
Exploits: 12 • References: 281

Positive Technologies • added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43970

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A memory leak exists in the stream parser when it is aborted, such as after a message assembly timeout. The strp abort strp function fails to release the reference to a partially assembl...

CVSS: 9.8 • AI score: 6 • EPSS: 0.00254
Exploits: 12 • References: 284

Positive Technologies • added 2026/05/27 12:0 a.m. • 5 views

PT-2026-43952

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
Description: An issue exists in the rxrpc component regarding the handling of packets with misaligned crypto lengths. The system fails to...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 281

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43923

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A use-after-free issue exists in the Bluetooth component of the Linux kernel within the SSP passkey handlers. The hci conn lookup and field access in the hci user passkey notify evt and...

CVSS: 9.8 • AI score: 5.8 • EPSS: 0.00254
Exploits: 12 • References: 283

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43949

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: In the KVM SVM component, the INVLPGA instruction fails to trigger an invalid opcode exception UD when the EFER.SVME variable is not set. This occurs because the system does not properly...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 283

Positive Technologies • added 2026/05/27 12:0 a.m. • 10 views

PT-2026-43962

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: An out-of-bounds access issue exists in the check xattrs function of the ext4 file system. The bounds check for the next extended attribute (xattr) entry uses a comparison that allows the...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 281

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43917

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A deadlock occurs in the md/raid10 module during an array check operation when NOWAIT requests are processed. When a check is running, the system raises a barrier that blocks normal...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 283

Positive Technologies • added 2026/05/27 12:0 a.m. • 10 views

PT-2026-43858

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A heap out-of-bounds write can occur in the part descs loc table when mounting a crafted UDF image containing repeated partition descriptors. The handle partition descriptor function fai...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 280

Positive Technologies • added 2026/05/27 12:0 a.m. • 10 views

PT-2026-43675

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A divide-by-zero error exists in the netfilter component within the nf osf match one function. The issue occurs in the OSF WSS MODULO branch when calculating ctx-window % f-wss.val witho...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 286

Positive Technologies • added 2026/05/27 12:0 a.m. • 10 views

PT-2026-43908

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
Description: A flaw exists in the greybus gb-beagleplay component where the hdlc append function calls usleep range while the tx producer...

CVSS: 9.8 • AI score: 6.2 • EPSS: 0.00254
Exploits: 12 • References: 280

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43889

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.11-1.1
Description: An out-of-bounds MMIO (Memory Mapped I/O) read exists in the ibmasm handle mouse interrupt function. This occurs when the queue reader or writer index from the hardware exceeds REMOTE QUEUE...

CVSS: 9.8 • AI score: 5.8 • EPSS: 0.00254
Exploits: 12 • References: 284

Positive Technologies • added 2026/05/27 12:0 a.m. • 7 views

PT-2026-43880

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
Description: An issue exists in the put folios cleanup path of the memfd luo retrieve folios function. The kho restore folio function...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 278

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43890

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: An integer overflow exists in the create dirty log function within the dm mirror component. The calculation args used = 2 + param count occurs before validating against argc. If a user...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 284

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43927

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: An issue exists in the crypto: qat component where IRQ handlers are not properly detached when adf dev up partially completes and then fails. Because the device is enabled with pcim enab...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 279

Positive Technologies • added 2026/05/27 12:0 a.m. • 10 views

PT-2026-43956

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified; openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
Description: A flaw exists in the ALSA control component within the snd ctl elem init enum names function. The function advances a pointe...

CVSS: 9.8 • AI score: 6.1 • EPSS: 0.00254
Exploits: 12 • References: 284

Positive Technologies • added 2026/05/27 12:0 a.m. • 11 views

PT-2026-43967

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A use-after-free issue exists in the Linux kernel network subsystem. The functions seg6 input core and rpl input call ip6 route input, which assigns a NOREF destination dst to the socket...

CVSS: 9.8 • AI score: 6.2 • EPSS: 0.00254
Exploits: 12 • References: 283

Positive Technologies • added 2026/05/27 12:0 a.m. • 12 views

PT-2026-43965

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A use-after-free issue exists in the debugfs teardown process of the edt-ft5x06 driver. The removal of manual debugfs teardown created a window where debugfs files remain accessible afte...

CVSS: 9.8 • AI score: 6.1 • EPSS: 0.00254
Exploits: 12 • References: 279

Positive Technologies • added 2026/05/27 12:0 a.m. • 8 views

PT-2026-43899

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: In the KVM nSVM component, a failure to restore the host CR3 (Control Register 3, which manages page tables) during a nested VMEXIT can lead to the system continuing to run the L1 guest wi...

CVSS: 9.8 • AI score: 5.9 • EPSS: 0.00254
Exploits: 12 • References: 278

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43863

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified
Description: A use-after-free issue exists in the SPI subsystem of the Linux kernel. The subsystem frees the controller and any allocated driver data during deregistration, unless the allocation is...

CVSS: 9.8 • AI score: 5.8 • EPSS: 0.00254
Exploits: 12 • References: 282

Positive Technologies • added 2026/05/27 12:0 a.m. • 9 views

PT-2026-43498

Name of the Vulnerable Software and Affected Versions: faq shortocde versions prior to 1.1
Description: The faq shortocde plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the color attribute within the 'faq' shortcode does not have sufficient input sanitization...

CVSS: 6.4 • AI score: 6 • EPSS: 0.00032
Exploits: 0 • References: 6

Total number of security vulnerabilities: 175414