17710 matches found
CVE-2026-22745: Denial of service in static resource handling on Windows platforms
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux; the application is serving static resources from...
CVE-2026-22745
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux; the application is serving static resources from...
PT-2026-36111
Name of the Vulnerable Software and Affected Versions: pygeoapi versions 0.23.0 through 0.23.2. Description: A raw string path concatenation issue in the STAC FileSystemProvider plugin allows requests to STAC collection based collections to expose directories without authentication. This occurs when...
PT-2026-35909
Name of the Vulnerable Software and Affected Versions: Spring MVC (affected versions not specified); Spring WebFlux (affected versions not specified). Description: Applications using Spring MVC or Spring WebFlux are susceptible to Denial of Service attacks when serving static resources from the file syst...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0)
The version of AHV installed on the remote host is prior to AHV-10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0 advisory. - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, i...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
USN-8192-2 ntfs-3g vulnerabilities
USN-8192-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8 sequences. An attacker could use this issue to cause NTFS-3G to crash, resulting in...
EUVD-2026-25916
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version 2.31.1. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser...
ocfs2: fix possible deadlock between unlink and dio_end_io_write
...
CVE-2026-40706
A flaw was found in NTFS-3G. An attacker can exploit this by creating a specially crafted NTFS file system image. When this image is processed, a vulnerability known as a heap buffer overflow occurs, which can corrupt the computer's memory. This corruption happens within the ntfs-3g program, whic...
OESA-2026-2100 ntfs-3g security update
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. Security Fixes: A heap buff...
SUSE CVE-2026-31577
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map. The DAT inode's btree node cache i_assoc_inode is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map assumes i_assoc_inode is already...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-40706)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40706 advisory. - In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in...
CVE-2026-31598
A flaw was found in the ocfs2 file system within the Linux kernel. A local user could potentially trigger a deadlock due to an ABBA lock ordering violation between the ocfs2_unlink and ocfs2_dio_end_io_write functions. This race condition, caused by inconsistent lock acquisition order, could lead to a...
CVE-2026-31596
A flaw was found in the OCFS2 (Oracle Cluster File System, version 2) component of the Linux kernel. A local attacker with control over a specially crafted filesystem could exploit a vulnerability in the ocfs2_group_extend function. This flaw arises from an insufficient validation of a global bitmap...
CVE-2026-31551
A flaw was found in the mac80211 Wi-Fi subsystem of the Linux kernel. A local user could exploit a race condition in the aql_enable_write function, which does not properly handle concurrent write operations to the debug file system. This could lead to a static_branch_dec underflow, resulting in a...
DEBIAN-CVE-2026-31597
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in ocfs2_fault when VM_FAULT_RETRY. filemap_fault may drop the mmap_lock before returning VM_FAULT_RETRY, as documented in mm/filemap.c: "If our return value has VM_FAULT_RETRY set, it's because the mmap_lock may b...
DEBIAN-CVE-2026-31577
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map. The DAT inode's btree node cache i_assoc_inode is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map assumes i_assoc_inode is already...
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend
In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend. BUG kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:ocfs2_group_extend+0x10aa/0x1ae0 fs/ocfs2/resize.c:308 Code: 8b8520ff ffff83f8 860f858...
CVE-2026-31596
In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend. BUG kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:ocfs2_group_extend+0x10aa/0x1ae0 fs/ocfs2/resize.c:308 Code: 8b8520ff ffff83f8 860f858...