184315 matches found
PT-2026-52264
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the FUSE Filesystem in Userspace implementation where the fuse notify function fails to restrict pagecache operations on directories. Specifically, the operations FUSE...
PT-2026-52275
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer over-read exists in the rtw update protection function within the rtl8723bs staging driver. This occurs because the function is called with a pointer offset into the ies buffer...
PT-2026-52258
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the memory control group memcg where the get random u32 below function is called during memcg charge draining, which can occur in the Non-Maskable Interrupt NMI contex...
PT-2026-52269
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in the heap memory of the Linux kernel within the ethosu gem cmdstream copy and validate function. The issue occurs during the command stream parsing loop...
PT-2026-52629
Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the DocumentBuilderAccessor where DOCTYPE declarations are not disabled and FEATURE SECURE PROCESSING is not enabled. Although external DTD and schema access are...
PT-2026-52594
Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists where the WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, a user with...
PT-2026-52273
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs during PCIe error recovery. When a Root Port or Downstream Port detects PCIe errors, recovery services run on all subordinate devices regardless of thei...
PT-2026-52586
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...
PT-2026-52402
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...
PT-2026-52263
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the fuse module where FUSE NOTIFY RETRIEVE is not limited to uptodate folios. Because FUSE NOTIFY RETRIEVE is designed to return data already present in the page cache...
PT-2026-52413
Unauthenticated Broken Access Control in Motors = 1.4.109 versions...
PT-2026-52607
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain issue exists where incorrect version tags were pushed to the repository, linking to unreviewed code from a personal fork. This allows attackers to execute unreviewed and...
PT-2026-52881
It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...
PT-2026-52655
Name of the Vulnerable Software and Affected Versions Lemur affected versions not specified Description Passwords are stored in plaintext in the users.password column when a user's password is updated. This occurs because the User model only triggers password hashing during the before insert even...
PT-2026-55839
Unknown description...
PT-2026-52421
Name of the Vulnerable Software and Affected Versions CheckView Automated Testing versions prior to 2.1.1 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass security restrictions. Recommendations Update CheckView Automated Testing to version...
PT-2026-52214
The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...
PT-2026-52219
CVE-2026-55556: rsyslog imhttp: Basic Auth heap overflow https://t.co/TRxvkoyxML requires - rsyslog built with the contributed imhttp module - imhttp installed and available - imhttp loaded and configured - HTTP Basic Authentication enabled - attacker access to that HTTP endpoint...
PT-2026-52555
Name of the Vulnerable Software and Affected Versions OMGF Pro versions prior to 5.2.7 Description An unrestricted file upload flaw allows unauthenticated users to upload malicious files of dangerous types. This issue can lead to remote code execution RCE, which is the ability of an attacker to...
PT-2026-52189
Path Traversal vulnerability in the create archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...
PT-2026-52405
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...
PT-2026-52634
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...
PT-2026-52286
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference count leak occurs in the virtio gpu dma fence wait function within the drm/virtio component. The issue arises because dma fence unwrap for each calls dma fence unwrap first,...
PT-2026-52257
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between fastrpc device release and the workqueue processing DSP responses. When a user closes a file descriptor, fastrpc device release frees the fastrpc user...
PT-2026-52253
In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet device after RCU grace period phonet device destroy removes a phonet device from the per-net device list with list del rcu, but frees it immediately. RCU readers walking the same list can still hold a...
PT-2026-52247
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ACK parser of the rxrpc module. In the rxrpc input soft acks function, the AF RXRPC component incorrectly assumes that calling skb condense will always result in a...
PT-2026-52282
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RDMA/srp component where the srp process rsp function copies sense data from a source offset determined by resp data len without verifying it against the actual...
PT-2026-52285
In the Linux kernel, the following vulnerability has been resolved: mm/huge memory: update file PMD counter before folio put split huge pmd locked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. If folio put drops the last reference, mm counter file can later...
PT-2026-52287
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the io uring/net component where the IORING CQE F BUF MORE flag is not correctly inherited across bundle recv retries within the io recv finish function. When using...
PT-2026-52295
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netvsc copy to send buf function where page buffer entries are copied into the VMBus send buffer using phys to virt on the entry PFN. On 32-bit x86 systems with...
PT-2026-52307
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft tunnel: fix use-after-free on object destroy nft tunnel obj destroy calls metadata dst free which directly kfrees the metadata dst, ignoring the dst entry refcount. Packets that took a reference via dst hold in nft...
PT-2026-52299
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the accel/ivpu component where the get info ioctl function fails to validate the info size returned from the metric stream info query against the allocated buffer size...
PT-2026-52333
In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlbl unlabel addrinfo get used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not...
PT-2026-52351
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcomm connect ind rfcomm get sock by channel scans rfcomm sk list under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcomm...
PT-2026-52349
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...
PT-2026-52354
In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6 chk acast addr, which walks the global inet6 acaddr lst hash under RCU and dereferences a struct ifacaddr6 that h...
PT-2026-52329
In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during device removal The driver was using devm register netdev which causes unregister netdev to be deferred until the devres cleanup phase, which runs after emac remove returns. This creates a...
PT-2026-52350
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv data is valid reads each advertising data field length from datai, then inspects datai + 1 for managed EIR types before checking that the current field still fits...
PT-2026-52320
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where the sctp rcv asconf lookup function in net/sctp/input.c fails to properly validate the length of an ASCONF chunk. The function verifies i...
PT-2026-52323
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SIT Simple Internet Tunneling implementation for IPv6. The ipip6 tunnel xmit function caches the inner IPv6 header pointer at the start of the function and continu...
PT-2026-52446
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...
PT-2026-52241
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix change handle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far...
PT-2026-52244
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tb xdp properties request derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A...
PT-2026-52242
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the thunderbolt component where the tb xdomain copy function copies req-response size bytes from the received packet buffer without considering the actual frame size. ...
PT-2026-52256
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free race condition exists in the fastrpc map create function. The fastrpc map lookup function returns a raw pointer after releasing the fl-lock. Subsequently, fastrpc map...
PT-2026-52291
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap overflow exists in the build i2c fw hdr function. The function allocates a fixed-size buffer but copies a number of bytes determined by the Length variable from the firmware file...
PT-2026-52279
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Multipath TCP MPTCP implementation where the window field in the TCP header refers to the MPTCP-level rcv nxt. Because the TCP stack independently prevents the...
PT-2026-52288
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the ALSA timer component. When a userspace timer is closed and the snd timer free function is called to release resources, other active tasks may still...
PT-2026-52312
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the CPU synchronization for received data is incorrectly aligned. The driver programs the RX queue packet offset such that hardware writes data ...
PT-2026-52290
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab out-of-bounds write exists in the kl5kusb105 USB serial driver. The function klsi 105 prepare write buffer incorrectly handles the bulk-out buffer by storing a two-byte length...