Cybersecurity & EU Regulation

News & Security

Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Lead needs to know.

17389 results

Vulnerability | High
CVE-2026-23419 - net/rds: Fix circular locking dependency in rds_tcp_tune

CVE ID: CVE-2026-23419
Published: April 3, 2026, 1:24 p.m. | 30 minutes ago
Description: In the Linux kernel, the following vulnerability has been resolved:

net/rds: Fix circular locking dependency in rds_tcp_tune

syzbot reported a circular locking dependency in rds_tcp_tune() where sk_net_refcnt_upgrade() is called while holding the socket lock:

    ======================================================
    WARNING: possible circular locking dependency detected
    ======================================================
    kworker/u10:8/15040 is trying to acquire lock:
    ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x4b/0x6f0
    but task is already holding lock:
    ffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_tune+0xd7/0x930

The issue occurs because sk_net_refcnt_upgrade() performs memory allocation (via get_net_track() -> ref_tracker_alloc()) while the socket lock is held, creating a circular dependency with fs_reclaim.

Fix this by moving sk_net_refcnt_upgrade() outside the socket lock critical section. This is safe because the fields modified by the sk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not accessed by any concurrent code path at this point.

v2:
- Corrected fixes tag
- check patch line wrap nits
- ai commentary nits

Severity: 0.0 | NA

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-23418 - drm/xe/reg_sr: Fix leak on xa_store failure

CVE ID: CVE-2026-23418
Published: April 3, 2026, 1:24 p.m. | 30 minutes ago
Description: In the Linux kernel, the following vulnerability has been resolved:

drm/xe/reg_sr: Fix leak on xa_store failure

Free the newly allocated entry when xa_store() fails to avoid a memory leak on the error path.

v2: use goto fail_free. (Bala)

(cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb)

Severity: 0.0 | NA

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-27655 - Stored XSS Vulnerability

CVE ID: CVE-2026-27655
Published: April 3, 2026, 1:17 p.m. | 37 minutes ago
Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report.
Severity: 7.3 | HIGH

CVEfeed CVE | 03 Apr 2026

News
Breaking the Input: Sandbox Escape Hits libinput, Exposing Leading Linux Desktops

The core of modern Linux input handling is facing a significant security challenge. libinput, the essential library that manages everything from mouse clicks to touchpad gestures for display servers, ...
Published Date: Apr 03, 2026 (3 days, 1 hour ago)
Vulnerabilities mentioned in this article: CVE-2026-35386, CVE-2026-35094, CVE-2026-35093, CVE-2026-4370, CVE-2026-5281, CVE-2026-3308, CVE-2026-3502, CVE-2026-33032, CVE-2026-21962

CVEfeed Newsroom | 03 Apr 2026

News
The Good, the Bad and the Ugly in Cybersecurity – Week 14

The Good | SentinelOne AI EDR Stops LiteLLM Supply Chain Attack in Real Time. This week, SentinelOne demonstrated how autonomous, AI-driven endpoint protection can detect and stop sophisticated supply ...
Published Date: Apr 03, 2026 (2 days, 23 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-5281, CVE-2026-3910, CVE-2026-3909, CVE-2026-2441

CVEfeed Newsroom | 03 Apr 2026

News
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)

Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authenti ...
Published Date: Apr 03, 2026 (2 days, 21 hours ago)
Vulnerabilities mentioned in this article: CVE-2026-20097, CVE-2026-20094, CVE-2026-20093, CVE-2026-20090, CVE-2026-20087, CVE-2026-20085, CVE-2025-20261

CVEfeed Newsroom | 03 Apr 2026

Vulnerability | High
CVE-2026-4108 - Stored XSS Vulnerability

CVE ID: CVE-2026-4108
Published: April 3, 2026, 12:16 p.m. | 1 hour, 38 minutes ago
Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report.
Severity: 7.3 | HIGH

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-4107 - Stored XSS Vulnerability

CVE ID: CVE-2026-4107
Published: April 3, 2026, 12:16 p.m. | 1 hour, 38 minutes ago
Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report.
Severity: 7.3 | HIGH

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-5467 - Casdoor OAuth Authorization Request redirect

CVE ID: CVE-2026-5467
Published: April 3, 2026, 12:16 p.m. | 1 hour, 38 minutes ago
Description: A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-3879 - Stored XSS Vulnerability

CVE ID: CVE-2026-3879
Published: April 3, 2026, 12:16 p.m. | 1 hour, 38 minutes ago
Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report.
Severity: 7.3 | HIGH

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-3880 - Stored XSS Vulnerability

CVE ID: CVE-2026-3880
Published: April 3, 2026, 12:16 p.m. | 1 hour, 38 minutes ago
Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report.
Severity: 7.3 | HIGH

CVEfeed CVE | 03 Apr 2026

Vulnerability | High
CVE-2026-28703 - Stored XSS Vulnerability

CVE ID: CVE-2026-28703
Published: April 3, 2026, 12:16 p.m. | 1 hour, 38 minutes ago
Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report.
Severity: 7.3 | HIGH

CVEfeed CVE | 03 Apr 2026
