VIR Vulnerability Intelligence Relay

Search

Found 53,824 results in 6358ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45715 high 7.7 7.7 9d ago Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, …
CVE-2026-45716 high 8.8 8.8 9d ago Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration
CVE-2026-45717 high 8.8 8.8 9d ago Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter…
CVE-2026-46426 high 7.6 7.6 9d ago Budibase: Unrestricted Upload of File with Dangerous Type
CVE-2026-46427 high 7.7 7.7 9d ago Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D…
CVE-2026-48146 high 7.7 7.7 9d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.…
CVE-2026-48149 high 8.1 8.1 9d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/…
CVE-2026-48151 high 7.5 7.5 9d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for…
CVE-2026-45162 high 8.0 9d ago Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
CVE-2026-48152 high 8.1 8.1 9d ago Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific owner…
CVE-2026-48153 high 8.5 8.5 9d ago Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check th…
CVE-2026-45061 high 7.7 7.7 9d ago Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A…
CVE-2026-44460 high 7.4 7.4 9d ago FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the passwo…
CVE-2026-45047 high 7.5 7.5 9d ago bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&…
CVE-2026-44378 high 7.5 7.5 FIX debian debian sles botan_project 9d ago Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such …
CVE-2026-42081 high 7.1 7.1 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against it…
CVE-2026-42083 high 8.2 8.2 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and dis…
CVE-2026-42459 high 7.5 7.5 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Da…
CVE-2026-44316 high 7.5 7.5 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointe…
CVE-2026-44319 high 7.5 7.5 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNo…
CVE-2026-44320 high 7.3 7.3 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbi…
CVE-2026-44321 high 7.5 7.5 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks c…
CVE-2026-44322 high 7.5 7.5 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a n…
CVE-2026-44325 high 7.5 7.5 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in N…
CVE-2026-44328 high 8.2 8.2 free5gc 9d ago free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi…
CVE-2026-44483 high 8.2 8.2 9d ago RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming …
CVE-2026-44473 high 7.1 7.1 9d ago Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does…
CVE-2026-44474 low 3.7 3.7 9d ago Ella Core has handover failures during concurrent Security Mode Command
CVE-2026-42790 high 8.1 8.1 FIX slesdebian debianwindows windows erlang 9d ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verific…
CVE-2026-44838 high 8.1 8.1 FIX slesdebian debian broadcom 9d ago RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrat…
CVE-2026-48808 unknown FIX debian debian 9d ago Sandbox property allowlist bypass via the `column` filter under `SourcePolicyInterface`
CVE-2026-48807 unknown FIX debian debian 9d ago Sandbox `__toString()` policy bypass via `Traversable` in `join`/`replace` and `in`/`not in` operators
CVE-2026-48806 unknown FIX debian debian 9d ago Sandbox `__toString()` policy bypass via dynamic mapping keys
CVE-2026-48805 unknown FIX debian debian 9d ago Sandbox state regression in deprecated internal wrappers in `src/Resources/core.php`
CVE-2026-46636 unknown FIX debian debian 9d ago Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders
CVE-2026-45022 high 7.5 7.5 FIX debian debian go-git_project 9d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit o…
CVE-2026-49046 high 8.5 8.5 9d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Pa…
CVE-2026-44902 high 7.5 7.5 9d ago opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics en…
CVE-2026-44971 high 8.2 8.2 9d ago GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac…
CVE-2026-42280 high 7.1 7.1 auth0 9d ago Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token…
CVE-2026-48544 high 7.5 7.5 9d ago Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to es…
CVE-2026-9712 unknown 9d ago When creating an export through the pretix API, API clients are returned an UUID value for their export job (a long, random string like 35742818-c375-4d15-839f-d49aecce94d6). Using this UUID, the A…
CVE-2026-42184 high 8.8 8.8 tauri 9d ago Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
CVE-2026-44988 high 8.8 8.8 FIX slesdebian debian 9d ago LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but…
CVE-2026-44830 unknown 9d ago Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authenticat…
CVE-2026-48922 high 7.5 7.5 jenkins 9d ago Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to w…
CVE-2026-48921 high 7.5 7.5 jenkins 9d ago Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a…
CVE-2026-48920 high 8.8 8.8 jenkins 9d ago Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c…
CVE-2026-7365 high 7.8 7.8 ibm 9d ago IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w…
CVE-2026-9617 high 8.8 8.8 dalibo 9d ago PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
CVE-2024-56462 high 8.8 8.8 ibm 9d ago IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating syste…
CVE-2026-8180 high 7.5 7.5 ibm 9d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-48972 high 7.5 7.5 9d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects…
CVE-2026-8179 high 8.8 8.8 ibm 9d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-7528 high 7.5 7.5 langflow 9d ago IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
CVE-2026-6938 high 7.5 7.5 linux-kernel ibm 9d ago IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
CVE-2026-6052 high 7.5 7.5 linux-kernel ibm 9d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
CVE-2026-6051 high 7.5 7.5 linux-kernel ibm 9d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
CVE-2026-46103 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tie…
CVE-2026-46102 high 7.5 7.5 FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly ti…
CVE-2026-46101 unknown FIX debian debian sleswindows windows google 9d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nft_bitwise Reject zero shift operands for nft_bitwise left and right shift expressions during in…
CVE-2026-46100 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users t…
CVE-2026-46099 high 8.1 8.1 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6_input_core() and rpl_input() call ip6_route_input() which sets a NORE…
CVE-2026-46098 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown `caif_connect()` can tear down an existing client after remote shutdown by ca…
CVE-2026-46097 unknown FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e ("Input: edt-ft5x06 - use per-client debugfs d…
CVE-2026-46096 unknown FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm2_read_public() calls tpm_buf_init() but fails to call tpm_…
CVE-2026-46095 unknown FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: raise barrier before state machine transition Move the barrier raise operation before calling llbitmap_state_mach…
CVE-2026-46094 unknown FIX debian debian sleswindows windows google 9d ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access The bounds check for the next xattr entry in check_xattr…
CVE-2026-46093 high 7.8 7.8 FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_l…
CVE-2026-46092 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: check for PCI upstream bridge existence pci_upstream_bridge() returns NULL if the device is on a root bus. If 8821C…
CVE-2026-46091 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. H…
CVE-2026-46090 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback start…
CVE-2026-46089 unknown FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: zram: do not forget to endio for partial discard requests As reported by Qu Wenruo and Avinesh Kumar, the following getconf PAG…
CVE-2026-46088 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() snd_ctl_elem_init_enum_names() advances pointe…
CVE-2026-46087 unknown FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start() Destroy the DAMON context and reset the global poin…
CVE-2026-46086 unknown FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by `fdb_delete_local()`, wh…
CVE-2026-46085 high 7.5 7.5 FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM er…
CVE-2026-46084 unknown FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed (e.g. DPDK exit), mana_ib_destroy_qp_rss() destro…
CVE-2026-46083 unknown FIX debian debian sleswindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup() if spi_setup() fails while registering a d…
CVE-2026-46082 unknown FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inj…
CVE-2026-46081 high 7.8 7.8 FIX slesdebian debian 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_re…
CVE-2026-46080 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via …
CVE-2026-46079 unknown FIX slesdebian debianwindows windows 9d ago In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when device_add_disk() fails do_rbd_add() publishes the device with device_add() before calling device_ad…
CVE-2026-46078 high 7.1 7.1 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but th…
CVE-2026-46077 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, ->dma_addr_out must be synced with dma_sync…
CVE-2026-46076 high 7.9 7.9 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 doe…
CVE-2026-46075 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new ->read() calls and f…
CVE-2026-46074 unknown FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB…
CVE-2026-46073 unknown FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt wait_for_completion_interruptible_timeout() returns -ERESTARTSYS w…
CVE-2026-46072 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to run_unpack() run_unpack() checks `run_buf < run_last` at the top of the while loop but then …
CVE-2026-46071 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB. However, nested…
CVE-2026-46070 high 7.1 7.1 FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_…
CVE-2026-46069 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() The mwifiex_adapter_cleanup() function uses timer_delete() (non-sy…
CVE-2026-46068 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx The bounce buffers are allocated with __get_free_pages() us…
CVE-2026-46067 unknown FIX debian debian sles 9d ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp Users can set damos_quota_goal->nid with arbitrary va…
CVE-2026-46066 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ceph: fix num_ops off-by-one when crypto allocation fails move_dirty_folio_in_page_array() may fail if the file is encrypted, the…
CVE-2026-46065 high 7.8 7.8 FIX debian debianwindows windows sles google 9d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_sta…
CVE-2026-46064 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasm_send_i2o_message() The ibmasm_send_i2o_message() function uses get_dot_command_size() to com…
CVE-2026-46063 unknown FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this…
CVE-2026-46062 high 7.8 7.8 FIX debian debianwindows windows sles 9d ago In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` …