4809 matches found
CVE-2026-53101
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...
CVE-2026-52981
In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...
EUVD-2026-39009
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...
CVE-2026-55611 AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...
CVE-2026-55611
CVE-2026-55611 affects AnythingLLM. The vulnerability allows cross-tenant IDOR deletion of parsed-files via the endpoint POST /api/workspace/:slug/embed-parsed-file/:fileId. From 1.11.1 to 1.14.1, ownership-scoped access was added for parsed-files reads/deletes, but the delete path still removes ...
CVE-2026-53101 wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...
CVE-2026-52981 neigh: let neigh_xmit take skb ownership
In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...
CVE-2026-52981
In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...
CVE-2026-52981
CVE-2026-52981 concerns a Linux kernel issue in neigh_xmit: when called with an uninitialized neighbor table (e.g., NEIGH_ND_TABLE with IPv6 disabled), neigh_xmit can return -EAFNOSUPPORT without releasing the skb, risking a memory leak. The fix removes the remaining code path that could neither ...
CVE-2026-52933
A flaw was found in the Linux kernel's iouring/poll component. A logic error exists in the iopollgetownership function due to an incorrect signed comparison. This flaw prevents the necessary slowpath from being triggered when the IOPOLLCANCELFLAG is set, potentially leading to unexpected behavior...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the owner of the durable handle upon reconnection. Currently, ksmbd does not verify whether the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: media: vidtv: Local pointers must be initialized upon transferring memory ownership. The vidtvchannelsiinit function creates a temporary list program, service, event, and the ownership of the memory itself is transferred to th...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: Fixed a memory leak in skbSegmentList for GRO packets When skbSegmentList is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skbSegmentList...
CVE-2026-56257
Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...
CVE-2026-56257 Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update
Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...
CVE-2026-56257
Capgo (CVE-2026-56257) before 12.128.2 allows an authorization bypass via PostgREST that patches public.apps.owner_org directly, bypassing the transfer_app() workflow and causing split-brain ownership. An attacker can update apps.owner_org while leaving app_versions.owner_org unchanged, allowing ...
EUVD-2026-38744
Capgo before 12.128.2 allows direct patching of public.apps.ownerorg through PostgREST, bypassing the transferapp workflow and creating split-brain ownership. Attackers can directly update apps.ownerorg while leaving appversions.ownerorg unchanged, enabling old-org keys to retain access to versio...
CVE-2026-52933
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...
UBUNTU-CVE-2026-52933
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...
EUVD-2026-38703
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...