🚨 CISA KEV (1)
26 Apr | KEV | Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION | A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SimpleHelp, Sa… | SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (121)
26 Apr | CVE-2022-2068 The c_rehash script allows command injection | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31557 nvmet: move async event work off nvmet-wq | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31621 bnge: return after auxiliary_device_uninit() in error path | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31645 net: lan966x: fix page pool leak in error paths | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2] | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31671 xfrm_user: fix info leak in build_report() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31639 rxrpc: Fix key reference count leak from call->key | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31657 batman-adv: hold claim backbone gateways by reference | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31649 net: stmmac: fix integer underflow in chain mode | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU release | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31659 batman-adv: reject oversized global TT response buffers | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31679 openvswitch: validate MPLS set/set_masked payload length | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lock | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31664 xfrm: clear trailing padding in build_polexpire() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31638 rxrpc: Only put the call ref if one was acquired | Information published. | MSRC.MICROSOFT.COM
26 Apr | KEV | CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31604 wifi: rtw88: fix device leak on probe failure | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from reset | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31676 rxrpc: only handle RESPONSE during service challenge | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened. | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-23362 can: bcm: fix locking for bcm_op runtime updates | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU | Information published. | MSRC.MICROSOFT.COM
26 Apr | CVE-2026-23360 nvme: fix admin queue leak on controller reset | Information published. | MSRC.MICROSOFT.COM
26 Apr | Critical bug in CrowdStrike LogScale let attackers access files | CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unau… | SECURITYAFFAIRS.COM
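Two entries in the list above are the same bug class: the Poetry advisory (CVE-2026-41140, path traversal in tar extraction) and the SFTP chroot bypass (CVE-2026-32147). In both, a name chosen by the remote side is joined to a trusted root without checking that the result still lies under that root. The Python below is an added illustration of the containment check an extractor should run before writing anything; it is written for this page and is not Poetry's code, not the SFTP server's code, and not the fix for either CVE. It does not rely on the newer stdlib `filter` argument being present, but uses it as a second layer when it is. The two sample archives are constructed inline, and the `/srv/extract` destination passed to the checks is a hypothetical path that does not need to exist.

```python
"""Reject tar members that would escape the extraction root.

Added example; the archives and the /srv/extract path are constructed here.
"""
import io
import os
import tarfile
import tempfile


def _inside(root, path):
    """True if the normalised absolute path lies under root (or is root)."""
    return os.path.commonpath([root, path]) == root


def member_is_contained(member, dest_real):
    """Return False for any member that would write or point outside dest_real.

    dest_real must already be os.path.realpath()'d. realpath also normalises
    paths that do not exist yet, so "../.." in a member name is collapsed
    before the comparison instead of being trusted as a plain string.
    """
    if os.path.isabs(member.name):
        return False
    target = os.path.realpath(os.path.join(dest_real, member.name))
    if not _inside(dest_real, target):
        return False
    if member.issym():
        # A symlink target resolves relative to the link's own directory.
        link_target = os.path.realpath(
            os.path.join(os.path.dirname(target), member.linkname))
        if not _inside(dest_real, link_target):
            return False
    elif member.islnk():
        # A hard link target is an archive-relative name.
        link_target = os.path.realpath(os.path.join(dest_real, member.linkname))
        if not _inside(dest_real, link_target):
            return False
    if member.ischr() or member.isblk() or member.isfifo():
        return False  # device nodes and FIFOs have no business in a package
    return True


def offending_members(tar_bytes, dest):
    """Names of members that fail containment; an empty list means safe."""
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return [m.name for m in tar.getmembers()
                if not member_is_contained(m, dest_real)]


def safe_extract(tar_bytes, dest):
    """Check every member first, then extract; returns sorted relative paths written."""
    bad = offending_members(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    dest_real = os.path.realpath(dest)
    # Second layer: the stdlib 'data' filter, on Pythons that ship it.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            tar.extract(m, path=dest_real, **kwargs)
    written = []
    for root, _dirs, files in os.walk(dest_real):
        for f in files:
            rel = os.path.relpath(os.path.join(root, f), dest_real)
            written.append(rel.replace(os.sep, "/"))
    return sorted(written)


def build_tar(entries):
    """Constructed sample archive: entries are (name, data) or (name, None, linkname)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for entry in entries:
            info = tarfile.TarInfo(entry[0])
            if len(entry) == 3:
                info.type = tarfile.SYMTYPE
                info.linkname = entry[2]
                tar.addfile(info)
            else:
                info.size = len(entry[1])
                tar.addfile(info, io.BytesIO(entry[1]))
    return buf.getvalue()


# Constructed inputs: one benign package, one archive with three escape attempts.
SAFE_TAR = build_tar([("pkg/README.txt", b"hello\n")])
TRAVERSAL_TAR = build_tar([
    ("../../../etc/cron.d/backdoor", b"* * * * * root id\n"),  # escapes via ..
    ("/etc/passwd", b"root:x:0:0\n"),                          # absolute name
    ("escape", None, "../../outside"),                          # symlink out of dest
])


def extract_to_tempdir(tar_bytes):
    """Run safe_extract against a fresh temporary directory."""
    return safe_extract(tar_bytes, tempfile.mkdtemp(prefix="untar-"))


if __name__ == "__main__":
    print("safe archive offenders:", offending_members(SAFE_TAR, "/srv/extract"))
    print("hostile archive offenders:", offending_members(TRAVERSAL_TAR, "/srv/extract"))
    print("extracted:", extract_to_tempdir(SAFE_TAR))
```

The check is deliberately all-or-nothing: every member is vetted before the first byte is written, so an archive cannot get a benign file onto disk and then use a later member to overwrite something through it. Resolving link targets with `realpath` against the already-resolved destination is what catches the symlink case; a plain string prefix test on `member.name` would pass `escape` and let the next member write through it.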
⚠️ VULNERABILITY DISCLOSURE (1)
26 Apr | Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach | Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD inf… | HELPNETSECURITY.COM
🔥 INCIDENT REPORTING (2)
26 Apr | Trigona ransomware adopts custom tool to steal data and evade detection | Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities lik… | SECURITYAFFAIRS.COM
26 Apr | Udemy - 1,401,259 breached accounts | In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also includ… | HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE (3)
26 Apr | XChat launches standalone iOS app as security concerns remain | X has launched a standalone iOS app for its XChat messaging platform, promoting it as a private, end-to-end encrypted communication tool, but concerns about its security model continue to shadow the release. The announcement was made on X, marking the first time XChat has been of… | CYBERINSIDER.COM
26 Apr | GopherWhisper: new China-linked APT targets Mongolia with Go-based malware | ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal … | SECURITYAFFAIRS.COM
26 Apr | Npm Slop & Wonky Software Supply Chains | submitted by codeinabox to security, 1 point, 0 comments. https://simonramstedt.com/blog/2026-04-09-npm-slop-and-wonky-software-supply-chains/ (cross-posted from lemmy.bestiver.se/post/1069240) | PROGRAMMING.DEV
🌐 CYBER THREAT LANDSCAPE (1)
26 Apr | SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94 | Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Morpheus: A new Spyware linked to IPS Intelligence; The iPhone — invincible no more: a look at DarkSword and Coruna; Lotus Wiper: a new … | SECURITYAFFAIRS.COM
📡 INFOSEC NEWS (1)
26 Apr | California Engineer Identified in Suspected Shooting at White House Correspondents' Dinner | The 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials. | WIRED.COM