
2114 matches found

RedhatCVE
added 2026/05/06 8:21 p.m. (11 views)

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

CVSS 8.7, AI score 5.8, EPSS 0.00469
Exploits: 0, References: 1
NVD
added 2026/05/06 5:16 p.m. (9 views)

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

CVSS 5.4, EPSS 0.00168
Exploits: 0, References: 1
CVE
added 2026/05/06 5:10 p.m. (67 views)

CVE-2026-20219

Cisco Slido REST API contains an insecure direct object reference that could let an authenticated, remote attacker view other users’ social profiles or affect quiz/poll results via a crafted request. Impact described as low confidentiality and integrity impact, with no availability impact. Cisco ...

CVSS 5.4, AI score 5.8, EPSS 0.00168
Exploits: 0, References: 1
Cisco
added 2026/05/06 4:00 p.m. (16 views)

Cisco Slido Insecure Direct Object Reference Vulnerability

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

CVSS 5.4, AI score 5.8, EPSS 0.00168
Exploits: 0, References: 1
Positive Technologies
added 2026/05/06 12:00 a.m. (11 views)

PT-2026-37384

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A Use-After-Free (UAF) issue exists in the Linux kernel where the ep_free function in eventpoll.c may release the epi->ep eventpoll structure while it is still being accessed by another...

CVSS 7.8, AI score 7.2, EPSS 0.00129
Exploits: 0, References: 84
NVD
added 2026/05/05 4:16 p.m. (15 views)

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

CVSS 8.7, EPSS 0.00469
Exploits: 0, References: 5
CVE
added 2026/05/05 3:17 p.m. (14 views)

CVE-2026-32689

CVE-2026-32689 affects Phoenix (Elixir) LongPoll transport: in Elixir.Phoenix.Transports.LongPoll publish/4, a POST with Content-Type: application/x-ndjson is split by newline without a limit, turning a small payload into enormous lists of empty binaries and a second large list via Enum.map, caus...

CVSS 8.7, AI score 5.8, EPSS 0.00469
Exploits: 0, References: 5
Cvelist
added 2026/05/05 3:17 p.m. (49 views)

CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

CVSS 8.7, EPSS 0.00469
Exploits: 0, References: 5
AstraLinux
added 2026/05/03 11:59 p.m. (4 views)

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Power: Supply: bq27xxx: Fixed handling of poll_interval and races during removal operations. Before this patch, the bq27xxx_battery_teardown function set poll_interval to 0 to avoid requeuing the delayed_work item during...

AI score 5.6, EPSS 0.00184
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m. (4 views)

Astra Linux – Vulnerability in Linux 6.1

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.5, EPSS 0.00018
Exploits: 0, References: 1
NVD
added 2026/05/01 3:16 p.m. (5 views)

CVE-2026-43031

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets. When a TX packet spans multiple buffer descriptors (scatter-gather), axienet_free_tx_chain sums the per-BD actual length from descriptor status into a caller-provided...

CVSS 7.5, EPSS 0.00426
Exploits: 0, References: 3
CVE
added 2026/04/24 2:33 p.m. (10 views)

CVE-2026-31550

CVE-2026-31550 is a Linux kernel issue in the bcm2835-power component. The bcm2835_asb_control() polling loop could fail to properly disable the V3D master ASB on BCM2711 under heavy workloads, leaving the V3D in a broken state and potentially causing bus faults or system hangs. The mitigation in...

CVSS 5.5, AI score 5.4, EPSS 0.00123
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2026/04/24 2:33 p.m. (5 views)

CVE-2026-31550

In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout. The bcm2835_asb_control function uses a tight polling loop to wait for the ASB bridge to acknowledge a request. During intensive workloads, this handshake intermittently...

CVSS 5.5, AI score 5.3, EPSS 0.00123
Exploits: 0
ATTACKERKB
added 2026/04/24 2:33 p.m. (2 views)

CVE-2026-31550

In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout. The bcm2835_asb_control function uses a tight polling loop to wait for the ASB bridge to acknowledge a request. During intensive workloads, this handshake intermittently...

AI score 5.4, EPSS 0.00123
Exploits: 0, References: 9, Affected Software: 1
ATTACKERKB
added 2026/04/22 1:54 p.m. (5 views)

CVE-2026-31523

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue...

AI score 5.6, EPSS 0.00089
Exploits: 0, References: 9, Affected Software: 1
Tenable Nessus
added 2026/04/22 12:00 a.m. (9 views)

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013863)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013863 advisory. In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine...

CVSS 5.5, AI score 6.8, EPSS 0.00165
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/21 12:00 a.m. (4 views)

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013131)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013131 advisory. In the Linux kernel, the following vulnerability has been resolved: vmci_host: fix a race condition in vmci_host_poll causing GPF. During fuzzing, a general protection...

AI score 5.8, EPSS 0.00185
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/21 12:00 a.m. (6 views)

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013145)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013145 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx: Fix poll_interval handling and races on remove. Before this patch...

AI score 5.6, EPSS 0.00184
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/17 12:00 a.m. (8 views)

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007584)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007584 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks. There is a deadlock issue found in sungem...

CVSS 5.5, AI score 6.1, EPSS 0.00193
Exploits: 0, References: 3
CNVD
added 2026/04/10 12:00 a.m. (5 views)

Discourse authorization issue vulnerability (CNVD-2026-17262)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse is vulnerable to an authorization issue. The vulnerability stems from the fact that a user who loses access to a topic can stil...

CVSS 6.3, AI score 5.7, EPSS 0.0016
Exploits: 0