CVE-2026-46073

hwmon: powerz Fix missing usbkillurb on signal interrupt...

Linux Distros Unpatched Vulnerability : CVE-2026-46065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of...

PT-2026-43940

Content removed...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of deadlock occurring when the shadow stack signals hold a mmap read lock during signal...

Identifying People Using Wi-Fi Routers

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, th...

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response NDR and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positive...

Edimax EW-7438RPn 命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. The Edimax EW-7438RPn version 1.28a has a command injection vulnerability. This vulnerability stems from improper handling of parameters such as...

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The...

CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Allocation error in cifssignalcifsdforreconnect. Skipped sessions that are being terminated status == SESEXITING to avoid UAF errors...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copyseccomp to the no-failure path. Our syzbot instance reported memory leaks in doseccomp, similar to the reports 1. This indicates that we are failing to properly free the struct seccompfilter and some objects...

Astra Linux - уязвимость в glibc

A out-of-bounds write vulnerability was discovered in glibc before version 2.31, when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The senddone handler now handles completion without using IBSENDSIGNALED. With smbdirectsendbatch, we likely have requests that do not include IBSENDSIGNALED. These requests will be destroyed during the final request...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A upper-bound check has been added to user inputs in the signal ioctl function. Extremely large input values in amdgpuuserqsignalioctl can lead to a Out-of-Memory error OOM. This vulnerability could be exploited...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a signal type check for dcn401 getphyd32clksrc Attempting to access link enc on a dpia link will cause a crash...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fixed the race condition involving the resume-probe function. The race condition was identified in kernel version 7.0, with the commit code 38fa29b01a6a „i2c: designware: Combine the init functions“...

CVE-2026-41893

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints POST /login and POST /signalk/v1/auth/login are protected by express-rate-limit default: 100 attempts per 10-minute window, configurable via HTTPRATELIMITS. The WebSocke...

Oracle Linux 9 : freerdp (ELSA-2026-16482)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16482 advisory. - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix growth of preallocated buffers CVE-2026-27951 - Fix heap-buffer-overflow in...

Fortinet FortiAnalyzer DoS due to unsafe function in signal handler (FG-IR-26-137)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-137 advisory. - A use of potentially Dangerous Function vulnerability CWE-676 in FortiAnalyzer and FortiManager API may allow an...

Fortinet FortiManager DoS due to unsafe function in signal handler (FG-IR-26-137)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-137 advisory. - A use of potentially Dangerous Function vulnerability CWE-676 in FortiAnalyzer and FortiManager API may allow an...