Aggregator

Submit #811468 / VDB-364397

Submit #811467 / VDB-364396

A vulnerability, which was classified as problematic, was found in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. This vulnerability is traded as CVE-2026-8770. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. This vulnerability appears as CVE-2026-8769. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. This vulnerability is reported as CVE-2026-8768. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. This vulnerability is documented as CVE-2026-8767. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.15/6.19.5. This impacts the function for_each_child_of_node_scoped of the component Misc. This manipulation causes memory leak. This vulnerability is handled as CVE-2025-71290. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.166/6.6.129/6.12.76/6.18.16/6.19.5. This impacts an unknown function of the component memory. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2025-71288. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.19.5. Affected by this issue is the function input_mapping of the component HID. The manipulation leads to denial of service. This vulnerability is traded as CVE-2026-43140. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.19.5 and classified as critical. This vulnerability affects the function ntb_hw_switchtec. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2026-43141. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.15/6.19.5 and classified as critical. This issue affects the function mfd_of_node_list of the component mfd. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2026-43143. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.15/6.19.5. It has been classified as critical. Impacted is an unknown function of the component media. Performing a manipulation results in buffer overflow. This vulnerability was named CVE-2026-43142. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.19.5. It has been declared as critical. Affected is the function xfrm6_get_saddr. Such manipulation leads to uninitialized pointer. This vulnerability is traded as CVE-2026-43139. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Submit #811428 / VDB-364395

Submit #811406 / VDB-364394

Submit #811405 / VDB-364393

Submit #811404 / VDB-364393

Submit #811402 / VDB-364392

A vulnerability classified as critical was found in F5 BIG-IP. This affects an unknown function of the component Security Policy Handler. Executing a manipulation can lead to unchecked return value. This vulnerability is registered as CVE-2026-40060. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in F5 BIG-IP. Affected by this vulnerability is an unknown functionality of the component iControl REST/TMOS Shell. The manipulation leads to least privilege violation. This vulnerability is referenced as CVE-2026-39459. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.