Aggregator

Submit #814645 / VDB-365601

换个角度，关注企业出海安全~

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This affects the function ncm_unwrap_ntb of the component USB Handler. Performing a manipulation results in insufficient verification of data authenticity. This vulnerability is reported as CVE-2026-31617. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. It has been declared as critical. The affected element is the function check_wsl_eas of the component smb. The manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2026-31614. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This affects the function renesas_usb3. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2026-31615. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. This vulnerability affects the function pn_rx_complete of the component usb. This manipulation of the argument frags[] causes heap-based buffer overflow. This vulnerability is registered as CVE-2026-31616. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.23/6.19.13/7.0.0. This affects the function smb2_check_message of the component smb. Such manipulation leads to memory corruption. This vulnerability is listed as CVE-2026-31613. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 and classified as critical. This vulnerability affects the function smb2_get_ea of the component ksmbd. Performing a manipulation results in uninitialized pointer. This vulnerability is cataloged as CVE-2026-31612. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 and classified as critical. This issue affects the function parse_dacl of the component ksmbd. Executing a manipulation can lead to incorrect comparison. This vulnerability is registered as CVE-2026-31611. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

用户通过社交媒体报告，摩托罗拉手机预装的一个应用 Smart Feed 在更新之后开始劫持亚马逊应用植入联盟营销推广码获取佣金。非常奇怪的是，推广码 sramz-kff-008-20 指向的是一名时尚博主“@kirasfashionfinds”，也就是佣金给的不是 Smart Feed 而是这位博主。暂时不清楚究竟发生了什么。受影响的用户可通过禁用 Smart Feed 关闭推广码，方法是：Settings > Apps > 搜索定位到 “Smart Feed” > Disable。

Вся защита проекта держалась на схеме, где одна подпись решала слишком многое.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. Affected by this vulnerability is the function ksmbd_decode_negTokenInit of the component BER Decoder. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2026-31610. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.18.23/6.19.13/7.0.0. Affected by this vulnerability is the function smb_direct_flush_send_list. The manipulation results in double free. This vulnerability is identified as CVE-2026-31608. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.23/6.19.13/7.0.0. Affected by this issue is the function smbd_free_send_io. This manipulation causes double free. This vulnerability is tracked as CVE-2026-31609. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. Affected is the function cdev_init. The manipulation leads to heap-based buffer overflow. This vulnerability is referenced as CVE-2026-31606. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0. The impacted element is the function usbip_pack_ret_submit of the component USB Handler. Such manipulation leads to integer overflow. This vulnerability is documented as CVE-2026-31607. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 and classified as critical. Impacted is an unknown function of the component Udlfb Driver. Performing a manipulation results in divide by zero. This vulnerability is reported as CVE-2026-31605. The attacker must have access to the local network to execute the attack. No exploit exists. The affected component should be upgraded.

The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack. The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The healthcare network first disclosed the security breach in November 2025 while the vendor’s investigation was […]

Third-Party Cyberattack Impacts Patient Information at The Oncology Institute

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as CVE-2026-5426 (CVSS score: 7.5), stems from the use of hard-coded ASP.NET machine keys, leading to