Aggregator

Submit #814936 / VDB-285939

A vulnerability was found in Squirrel up to 3.2. It has been classified as critical. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2026-9541. The attack is only possible with local access. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

Submit #814925 / VDB-360865

Submit #814866 / VDB-365603

Submit #814826 / VDB-365602

A vulnerability was found in vllm-project vllm 0.19.0 and classified as problematic. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2026-9540. It is possible to launch the attack remotely. Furthermore, an exploit is available. The pull request to fix this issue awaits acceptance.

Submit #814645 / VDB-365601

换个角度，关注企业出海安全~

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This affects the function ncm_unwrap_ntb of the component USB Handler. Performing a manipulation results in insufficient verification of data authenticity. This vulnerability is reported as CVE-2026-31617. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. It has been declared as critical. The affected element is the function check_wsl_eas of the component smb. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-31614. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This affects the function renesas_usb3. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-31615. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This vulnerability affects the function pn_rx_complete of the component usb. This manipulation of the argument frags[] causes heap-based buffer overflow. This vulnerability is registered as CVE-2026-31616. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.23/6.19.13/7.0.0. This affects the function smb2_check_message of the component smb. Such manipulation leads to memory corruption. This vulnerability is listed as CVE-2026-31613. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 and classified as critical. This vulnerability affects the function smb2_get_ea of the component ksmbd. Performing a manipulation results in uninitialized pointer. This vulnerability is cataloged as CVE-2026-31612. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 and classified as critical. This issue affects the function parse_dacl of the component ksmbd. Executing a manipulation can lead to incorrect comparison. This vulnerability is registered as CVE-2026-31611. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

用户通过社交媒体报告，摩托罗拉手机预装的一个应用 Smart Feed 在更新之后开始劫持亚马逊应用植入联盟营销推广码获取佣金。非常奇怪的是，推广码 sramz-kff-008-20 指向的是一名时尚博主“@kirasfashionfinds”，也就是佣金给的不是 Smart Feed 而是这位博主。暂时不清楚究竟发生了什么。受影响的用户可通过禁用 Smart Feed 关闭推广码，方法是：Settings > Apps > 搜索定位到 “Smart Feed” > Disable。

Вся защита проекта держалась на схеме, где одна подпись решала слишком многое.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. Affected by this vulnerability is the function ksmbd_decode_negTokenInit of the component BER Decoder. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2026-31610. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.23/6.19.13/7.0.0. Affected by this vulnerability is the function smb_direct_flush_send_list. The manipulation results in double free. This vulnerability is identified as CVE-2026-31608. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.23/6.19.13/7.0.0. Affected by this issue is the function smbd_free_send_io. This manipulation causes double free. This vulnerability is tracked as CVE-2026-31609. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.