CVE-2026-23360 nvme: fix admin queue leak on controller reset
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queu...
CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open
In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open function calls free_irq in its error path with the mpc_lock mutex held. But if an interrupt already occurred the interrupt handler will be waiting for the mpclo...
CVE-2026-23355
In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WARN_ON in ata_scsi_deferred_qc_work, caused by ap->ops->qc_defer returning non-zero before issuing the deferred qc. ata_scsi_schedule_deferred_qc is called during...
CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device, complete any pending data exchange before closing. The data exchange callback e.g. rawsock_data_exchange_complete holds a socket reference. NIPA occasionall...
CVE-2026-23330
Summary: CVE-2026-23330 affects the Linux kernel NFC/NCI subsystem. The issue arises in nci_close_device(), where pending data exchanges may not be completed before closing, leaking an unreferenced socket object (example: 0xff1100000f435000, size 2048) and associated references. This could...
CVE-2026-23330 nfc: nci: complete pending data exchange on device close
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device, complete any pending data exchange before closing. The data exchange callback e.g. rawsock_data_exchange_complete holds a socket reference. NIPA occasionall...
PT-2026-28168
Name of the Vulnerable Software and Affected Versions: Rails versions prior to 8.1.2.1; Rails versions prior to 8.0.4.1; Rails versions prior to 7.2.3.1. Description: Active Storage, used for attaching cloud and local files in Rails applications, is susceptible to a denial-of-service condition. The...
PT-2026-36439
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the Bluetooth component where the hci_cmd_sync_queue_once function fails to indicate whether a queue item was added. This prevents the caller from knowing if callbacks...
Cisco IOS XE Wireless Controller software security vulnerability
The Cisco IOS XE Wireless Controller software is a wireless local area network controller developed by the American company Cisco. It provides management functions for networks. The Cisco IOS XE Wireless Controller software has a security vulnerability that stems from improper handling of malform...
PT-2026-27791
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family (affected versions not specified). Description: A flaw exists in how the software processes Control and Provisioning of Wireless Access Points (CAPWAP) packets. This could allo...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper release of old management queues when the controller is reset, potentially leading t...
Linux Distros Unpatched Vulnerability : CVE-2026-23287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrupt, explained by the...
Linux Distros Unpatched Vulnerability : CVE-2026-23362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: bcm: fix locking for bcm_op runtime updates Commit c2aba69d0c36 ("can: bcm: add locking for bcm_op runtime updates") added a locking for some variables that can ...
Cisco IOS XE Software Wireless Controller for the Catalyst CW9800 Family CAPWAP DoS (cisco-sa-wlc-dos-hnX5KGOm)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an...
Linux Distros Unpatched Vulnerability : CVE-2026-23360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set is called during a controller reset, a previous admin queue may still exist. Release it...
Ingress-NGINX Controller < 1.13.9 / 1.14.x < 1.14.5 / 1.15.x < 1.15.1 Configuration Injection
The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.9, 1.14.5, or 1.15.1. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject...
EUVD-2026-14960
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417
A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges...
CVE-2026-2417
The CVE-2026-2417 entry concerns Pharos Controls Mosaic Show Controller firmware 2.15.3, describing a Missing Authentication for Critical Function that could let an unauthenticated attacker bypass authentication and run arbitrary commands with root privileges. The vulnerability is rated CRITICAL ...