CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2026-34335
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

🎖@cveNotify
🚨 CVE-2026-40404
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

🚨 CVE-2026-42828
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

🚨 CVE-2026-42972
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.

🚨 CVE-2026-42973
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.

🚨 CVE-2026-46238
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: stop caching unowned originator pointers in BAT IV

BAT IV keeps the last-hop neighbor address in each neigh_node, but some
paths also cache an originator pointer derived from a temporary lookup.
That pointer is not owned by the neigh_node and may no longer refer to a
live originator entry after purge handling runs.

Stop storing the auxiliary originator pointer in the BAT IV neighbor
state. When BAT IV needs the neighbor originator data, resolve it from
the stored neighbor address and drop the reference again after use.

[sven: avoid bonding logic for outgoing OGM]

🚨 CVE-2026-46239
In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl

Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly
return without calling pm_runtime_put(), causing runtime PM reference
count leaks.

Change these cases from 'return' to 'ret = ... break' pattern to ensure
pm_runtime_put() is always called before function exit.

🚨 CVE-2026-46240
In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix use-after-free in iris_release_internal_buffers()

The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy
internal buffers after FW releases") introduced a regression where
session_release_buf() may free the buffer. The caller,
iris_release_internal_buffers(), continued to access `buffer` after the
call, leading to a potential use-after-free.

Fix this by setting BUF_ATTR_PENDING_RELEASE before calling
session_release_buf(), and reverting the flag if the call fails. This
ensures no dereference occurs after potential freeing.

🚨 CVE-2026-46241
In the Linux kernel, the following vulnerability has been resolved:

spi: mpc52xx: fix use-after-free on registration failure

Make sure to disable and free the interrupts in case controller
registration fails to avoid a potential use-after-free and resource
leak.

This issue was flagged by Sashiko when reviewing a controller
deregistration fix.

🚨 CVE-2026-45777
Open XDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.

🚨 CVE-2026-45778
Open XDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which, when visited by the victim, reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.

🚨 CVE-2026-45779
Open XDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually.

🚨 CVE-2026-45656
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

🚨 CVE-2026-45657
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

🚨 CVE-2026-45658
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

🚨 CVE-2026-47288
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

🚨 CVE-2026-47291
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

🚨 CVE-2026-47634
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

🚨 CVE-2026-47636
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

🚨 CVE-2026-44963
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

🚨 CVE-2026-44505
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record via dht_verifier.verify(&record.record). On verifier error, handle_dht_get logs and returns early without completing the oneshot used by Network::dht_get, and without cleaning up per-query bookkeeping. Later query progress can hit the "DHT inconsistent state" path and also return without cleanup. Because Network::dht_get awaits the oneshot without a timeout, the caller future can hang indefinitely. This issue has been patched in version 1.4.0.
