
41 matches found

CVE
added 6 hours ago, 7 views

CVE-2026-57436

Summary: The CVE affects Nokogiri (Ruby) prior to 1.19.4, where Nokogiri::XML::Document#root= could accept a DTD node as the document root, causing a heap use-after-free during garbage collection/finalization and potentially an invalid memory read or segfault. Root cause: setting a non-root node ...

6.3 CVSS, 5.8 AI score
Exploits: 0, References: 1
OSV
added yesterday, 6 views

ROOT-APP-NPM-GHSA-39Q2-94RC-95CP GHSA-39q2-94rc-95cp in @rootio/dompurify - Patched by Root

Root has patched GHSA-39q2-94rc-95cp in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.8 AI score
Exploits: 0
OSV
added 2026/06/18 12:50 p.m., 6 views

ROOT-APP-NPM-CVE-2026-27977 CVE-2026-27977 in @rootio/next - Patched by Root

Root has patched CVE-2026-27977 in the @rootio/next package for Root:npm. Multiple fixed versions available...

5.4 CVSS, 5.2 AI score, 0.00171 EPSS
Exploits: 1
OSV
added 2026/06/13 11:43 a.m., 8 views

ROOT-APP-NPM-CVE-2021-3918 CVE-2021-3918 in @rootio/json-schema - Patched by Root

Root has patched CVE-2021-3918 in the @rootio/json-schema package for Root:npm. Multiple fixed versions available...

9.8 CVSS, 8.3 AI score, 0.03563 EPSS
Exploits: 1
OSV
added 2026/06/08 6:38 a.m., 6 views

ROOT-APP-NPM-CVE-2026-41182 CVE-2026-41182 in @rootio/langsmith - Patched by Root

Root has patched CVE-2026-41182 in the @rootio/langsmith package for Root:npm. Multiple fixed versions available...

5.3 CVSS, 5.4 AI score, 0.00214 EPSS
Exploits: 0
OSV
added 2026/06/04 7:51 p.m., 4 views

ROOT-APP-NPM-CVE-2016-20018 CVE-2016-20018 in @rootio/knex - Patched by Root

Root has patched CVE-2016-20018 in the @rootio/knex package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 8.3 AI score, 0.00847 EPSS
Exploits: 1
Positive Technologies
added 2026/05/21 12:0 a.m., 11 views

PT-2026-42672

Name of the Vulnerable Software and Affected Versions: core-rs-albatross (affected versions not specified). Description: A remote, unauthenticated denial-of-service issue exists in the MerkleRadixTrie::put_chunk function. A malicious state-sync peer can cause a node to crash by responding to a...

7.5 CVSS, 5.8 AI score, 0.00339 EPSS
Exploits: 0, References: 8
NVD
added 2026/05/01 3:16 p.m., 28 views

CVE-2026-43053

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation. When inactivating an inode with node-format extended attributes, xfs_attr3_node_inactive invalidates all child leaf/node blocks via xfs_trans_binval, but intentionally does not remo...

4.7 CVSS, 0.00074 EPSS
Exploits: 0, References: 2
EUVD
added 2026/05/01 2:15 p.m., 17 views

EUVD-2026-26652

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation. When inactivating an inode with node-format extended attributes, xfs_attr3_node_inactive invalidates all child leaf/node blocks via xfs_trans_binval, but intentionally does not remo...

5.8 AI score, 0.00074 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/24 12:0 a.m., 6 views

PT-2026-34911

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup. 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to "of_node_put". 2. Fix a potential kernel oops during early boot when memory allocation fails while...

5.3 AI score, 0.00122 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003904)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003904 advisory. btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. Tenable has...

5.5 CVSS, 6.7 AI score, 0.01841 EPSS
Exploits: 1, References: 8
Tenable Nessus
added 2026/01/07 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000418)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000418 advisory. btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. Tenable has...

5.5 CVSS, 6.7 AI score, 0.01841 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-21847

Malware in sbrugna...

8.8 CVSS, 8.6 AI score, 0.00304 EPSS
Exploits: 0, References: 7
CNNVD
added 2025/10/01 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the root node being released during kernfs_drain, which could lead to post-release reuse...

5.8 AI score, 0.00147 EPSS
Exploits: 0, References: 9
Tenable Nessus
added 2025/08/12 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-27058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree. A syzkaller reproducer found a race while attemptin...

4.7 CVSS, 5.6 AI score, 0.00476 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2025/03/16 2:49 a.m., 2 views

SUSE CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

6.5 CVSS, 6.7 AI score, 0.00631 EPSS
Exploits: 0, References: 3
OSV
added 2025/03/13 2:46 p.m., 7 views

GO-2025-3512 kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver

kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

6.5 CVSS, 6.6 AI score, 0.00631 EPSS
Exploits: 0, References: 8
AstraLinux
added 2025/02/11 7:35 a.m., 5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed the potential NULL pointer dereferencing in nilfs_btree_insert. The patch series “nilfs2: fixes potential issues with empty B-tree nodes” addresses three potential issues with empty B-tree nodes that can occur with...

5.5 CVSS, 6.5 AI score, 0.00261 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/10/21 12:14 p.m., 10 views

CVE-2024-47757 nilfs2: fix potential oob read in nilfs_btree_check_delete()

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete(). The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer...

7.1 AI score, 0.00239 EPSS
Exploits: 0, References: 9
CNNVD
added 2024/10/09 12:0 a.m., 3 views

Linux kernel race condition vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition in the generic-radix-tree in the lib component when increasing the depth of the tree, which...

4.7 CVSS, 6.3 AI score, 0.00161 EPSS
Exploits: 0, References: 11