Unknown · CVE-2026-53282 · In the Linux kernel, the following vulnerability has been resolved:
x86/kexec: Push kjump return address even for non-kjump kexec
The version of purgatory code shipped by kexec-tools attempts to loo
2026-06-26 23:17
HIGH · CVE-2026-53281 · In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Avoid NULL pointer dereference or refcount corruption
Commit 60f030f7418d ("iommu/vt-d: Avoid use of NULL after WARN_O
2026-06-26 23:17 · CVSS 8.8
Unknown · CVE-2026-53280 · In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
Local sashiko review pointed it out that group->domain cou
2026-06-26 23:17
Unknown · CVE-2026-53279 · In the Linux kernel, the following vulnerability has been resolved:
drm/gma500/oaktrail_lvds: fix hang on init failure
The LVDS init code looks up an I2C adapter using i2c_get_adapter() and
tries to
2026-06-26 23:17
Unknown · CVE-2026-53278 · In the Linux kernel, the following vulnerability has been resolved:
arm_mpam: Check whether the config array is allocated before destroying it
__destroy_component_cfg() is called to free the configu
2026-06-26 23:17
CRITICAL · CVE-2026-52785 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to r
2026-06-26 23:17 · CVSS 9.9
HIGH · CVE-2026-52784 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fixe
2026-06-26 23:17 · CVSS 8.8
HIGH · CVE-2026-52783 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rai
2026-06-26 23:17 · CVSS 8.2
CRITICAL · CVE-2026-52782 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_
2026-06-26 23:17 · CVSS 9.9
MEDIUM · CVE-2026-52781 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants <macro> elements unrestricted data-* attributes via :data wildcard. An attacker
2026-06-26 23:17 · CVSS 6.4
CRITICAL · CVE-2026-52780 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.
2026-06-26 23:17 · CVSS 9.6
MEDIUM · CVE-2026-52779 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a
2026-06-26 23:17 · CVSS 5.4
HIGH · CVE-2026-49991 · RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the S
2026-06-26 23:17 · CVSS 8.6
MEDIUM · CVE-2026-49355 · OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id` discloses private work package data from a linked wo
2026-06-26 23:17 · CVSS 4.3
HIGH · CVE-2026-47193 · OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field vis
2026-06-26 23:17 · CVSS 7.5
CRITICAL · CVE-2026-46386 · OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRET_KEY_BASE=OVERWRITE_ME as the default Rails master key.
2026-06-26 23:17 · CVSS 9.9
MEDIUM · CVE-2026-44736 · OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject (title) of
2026-06-26 23:17 · CVSS 6.5
MEDIUM · CVE-2026-44735 · OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with
2026-06-26 23:17 · CVSS 6.5
MEDIUM · CVE-2026-44734 · OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and updat
2026-06-26 23:17 · CVSS 6.5
MEDIUM · CVE-2026-44733 · OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password
2026-06-26 23:17 · CVSS 5.9