shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained a security vulnerability. This vulnerability stemmed from the CreateOrderFromCartAction::execute function, which created order lines before checking and increasing the...

PT-2026-44942

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total use counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usage limit wa...

PT-2026-45015

Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...

CVE-2026-42082

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

CVE-2026-46215

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in changehandle There was a potential race condition in changehandle. The ioctl briefly had a single object with two idr entries; a concurrent gemclose could delete the object and...

CVE-2026-46233 batman-adv: bla: only purge non-released claims

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

CVE-2026-46233

CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...

CVE-2026-46152

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

EUVD-2026-32779

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

SUSE CVE-2026-45901

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...

CVE-2026-45901

A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability allows a local attacker to cause a denial of service DoS by triggering a circular lock dependency. This occurs when nft reset, ipset list, and iptables-nft with a '-m set' rule are executed concurrently, leadi...

kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect()

A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented SCO component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...

PT-2026-44275

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A race condition exists in the ieee80211 invoke fast rx function within the mac80211 wireless driver. The rx result variable...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the rxresult of fast-RX in mac80211 is incorrectly declared as a static variable,...

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-47270

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb is a PAM module loaded into the host process sudo, login, GDM, GNOME Shell. Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the denyremote...

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-48066

pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...