2380 matches found
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEADVAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan RAT known as AsyncRAT. "The attack...
CVE-2026-23053
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
AZL-77157 CVE-2026-23053 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
CVE-2026-23053
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
UBUNTU-CVE-2026-23053
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
EUVD-2026-5493
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
CVE-2026-23053 NFS: Fix a deadlock involving nfs_release_folio()
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
CVE-2026-23053 NFS: Fix a deadlock involving nfs_release_folio()
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
CVE-2026-23053
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...
CVE-2026-23053
Summary (CVE-2026-23053): A Linux kernel vulnerability in NFS can deadlock during NFSv4.1 state recovery when kthreadd tries to reclaim memory by calling nfs_release_folio(). The deadlock prevents progress in nfs_release_folio(), which delays memory reclamation. The fix implemented is to initiate...
WordPress Sell BTC - Cryptocurrency Selling Calculator plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action vulnerability
WordPress Sell BTC - Cryptocurrency Selling Calculator plugin = 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderformdata' AJAX Action vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Sell BTC – Cryptocurrency Selling Calculator versions = 1.5...
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...
CVE-2025-14550
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...
CVE-2026-1371 Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...
kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...
kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...
CVE-2026-23021 net: usb: pegasus: fix memory leak in update_eth_regs_async()
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...
CVE-2026-23021
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...
EUVD-2026-5073
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...
CVE-2026-23021 net: usb: pegasus: fix memory leak in update_eth_regs_async()
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...