40348 matches found

EUVD
added 2026/02/14 3:22 p.m. | 4 views

EUVD-2026-5899

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

AI score: 5.3 | EPSS: 0.00122
Exploits: 0 | References: 2
CVE
added 2026/02/14 3:22 p.m. | 21 views

CVE-2026-23138

In CVE-2026-23138, the Linux kernel fixes an infinite recursion bug triggered when tracing the RCU events with the stack-trace trigger enabled. The patch expands ftrace recursion protection by adding a set of bits to protect events from recursion across contexts (normal, softirq, interrupt, and N...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00122
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/02/14 3:22 p.m. | 3 views

CVE-2026-23138 tracing: Add recursion protection in kernel stack trace recording

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00122
Exploits: 0 | References: 7
Debian CVE
added 2026/02/14 3:22 p.m. | 3 views

CVE-2026-23138

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00122
Exploits: 0
NVD
added 2026/02/14 3:16 p.m. | 6 views

CVE-2025-71200

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller...

CVSS: 5.5 | EPSS: 0.00114
Exploits: 0 | References: 5
UbuntuCve
added 2026/02/14 3:16 p.m. | 2 views

CVE-2026-23126

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog performs list_add_tail, it is possibl...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00086
Exploits: 0 | References: 13
Vulnrichment
added 2026/02/14 3:9 p.m. | 2 views

CVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs list

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog performs list_add_tail, it is possibl...

AI score: 5.4 | EPSS: 0.00086
Exploits: 0 | References: 5
EUVD
added 2026/02/14 3:9 p.m. | 4 views

EUVD-2026-5910

In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for operations on the bpf_bound_progs list. When the nsim_bpf_create_prog performs list_add_tail, it is possibl...

AI score: 5.3 | EPSS: 0.00086
Exploits: 0 | References: 5
Huntr
added 2026/02/14 2:13 a.m. | 9 views

Authentication Bypass on FastAPI Routes (Job API, OTel API) When Basic Auth Enabled

Summary When MLflow is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI, the FastAPI permission middleware only enforces authentication on /gateway/ routes. All other FastAPI routes -- including the Job API /ajax-api/3.0/jobs/ and the OpenTelemetry trace...

CVSS: 8.6 | AI score: 6 | EPSS: 0.0132
Exploits: 1
CNNVD
added 2026/02/14 12:0 a.m. | 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of recursive protection in the kernel stack trace records. This vulnerability could lead t...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00122
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/14 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing the rcu events with the kerne...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00122
Exploits: 0 | References: 4
OSV
added 2026/02/13 8:55 p.m. | 3 views

GHSA-C7PH-F7JM-XV4W rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

CVSS: 6.3 | AI score: 5.5
Exploits: 0 | References: 2
Github Security Blog
added 2026/02/13 8:55 p.m. | 9 views

rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

AI score: 5.5
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2026/02/13 8:52 p.m. | 4 views

GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI

Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...

CVSS: 8.1 | AI score: 5.3 | EPSS: 0.00799
Exploits: 1 | References: 10
RedhatCVE
added 2026/02/13 7:18 p.m. | 4 views

CVE-2026-1320

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00257
Exploits: 0 | References: 1
UbuntuCve
added 2026/02/13 2:16 p.m. | 2 views

CVE-2026-23112

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to copy_to_iter GPF/KASAN. Guard...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00399
Exploits: 0 | References: 24
OSSF Malicious Packages
added 2026/02/13 1:57 p.m. | 7 views

Malicious code in hxz-protection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13dc9932ef1f00aa6dc52dbc5bbb2a7b4096ff94d4dc575903837159d377ba18 The package hxz-protection was found to contain malicious code. Source: ghsa-malware bbf0a8985b32c32401ddf04b75ef930250aab926a54a6ae5dfce381386eb0876...

AI score: 5.6
Exploits: 0 | References: 1
Snyk
added 2026/02/13 1:57 p.m. | 4 views

Malicious Package

Overview hxz-protection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 5.5
Exploits: 0 | References: 2
OSV
added 2026/02/13 1:57 p.m. | 5 views

MAL-2026-884 Malicious code in hxz-protection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13dc9932ef1f00aa6dc52dbc5bbb2a7b4096ff94d4dc575903837159d377ba18 The package hxz-protection was found to contain malicious code. Source: ghsa-malware bbf0a8985b32c32401ddf04b75ef930250aab926a54a6ae5dfce381386eb0876...

AI score: 5.6
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/13 1:30 a.m. | 4 views

CVE-2026-20647

This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00137
Exploits: 0 | References: 1