2465 matches found

Positive Technologies
added 2026/02/05 12:0 a.m. | 7 views

PT-2026-5878

Name of the Vulnerable Software and Affected Versions: ELEX WordPress HelpDesk & Customer Ticketing System versions through 3.3.5. Description: The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is susceptible to a missing authorization issue. This is caused by a lack of...

CVSS 5.3 | AI score 5.4 | EPSS 0.00268
Exploits: 0 | References: 8
Tenable Nessus
added 2026/02/05 12:0 a.m. | 16 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1423)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1423 advisory. In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170). In the Linux kernel, the following vulnerability has been resolved:...

CVSS 7.8 | AI score 6.7 | EPSS 0.00209
Exploits: 0 | References: 114
Amazon
added 2026/02/05 12:0 a.m. | 6 views

Important: nodejs22

Issue Overview: Bypass File System Permissions using crafted symlinks (CVE-2025-55130). A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated...

CVSS 9.1 | AI score 5.7 | EPSS 0.01056
Exploits: 2
The Hacker News
added 2026/02/04 5:24 p.m. | 10 views

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack...

AI score 6
Exploits: 0
NVD
added 2026/02/04 5:16 p.m. | 5 views

CVE-2026-23053

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

EPSS 0.00168
Exploits: 0 | References: 4
OSV
added 2026/02/04 5:16 p.m. | 5 views

AZL-77157 CVE-2026-23053 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

AI score 5.6 | EPSS 0.00168
Exploits: 0 | References: 1
UbuntuCve
added 2026/02/04 5:16 p.m. | 6 views

CVE-2026-23053

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 11
OSV
added 2026/02/04 5:16 p.m. | 4 views

UBUNTU-CVE-2026-23053

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 14
Cvelist
added 2026/02/04 4:4 p.m. | 24 views

CVE-2026-23053 NFS: Fix a deadlock involving nfs_release_folio()

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

EPSS 0.00168
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/04 4:4 p.m. | 2 views

CVE-2026-23053

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

AI score 5.2 | EPSS 0.00168
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/02/04 4:4 p.m. | 3 views

EUVD-2026-5493

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

AI score 5.2 | EPSS 0.00168
Exploits: 0 | References: 3
CVE
added 2026/02/04 4:4 p.m. | 19 views

CVE-2026-23053

Summary (CVE-2026-23053): A Linux kernel vulnerability in NFS can deadlock during NFSv4.1 state recovery when kthreadd tries to reclaim memory by calling nfs_release_folio(). The deadlock prevents progress in nfs_release_folio(), which delays memory reclamation. The fix implemented is to initiate...

AI score 5.2 | EPSS 0.00168
Exploits: 0 | References: 4
OSV
added 2026/02/04 4:4 p.m. | 5 views

CVE-2026-23053 NFS: Fix a deadlock involving nfs_release_folio()

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio(). Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The latter cannot make progres...

AI score 5.2 | EPSS 0.00168
Exploits: 0 | References: 7
Patchstack
added 2026/02/04 12:22 p.m. | 5 views

WordPress Sell BTC - Cryptocurrency Selling Calculator plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action vulnerability

WordPress Sell BTC - Cryptocurrency Selling Calculator plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Sell BTC – Cryptocurrency Selling Calculator versions <= 1.5...

CVSS 7.2 | AI score 5.3 | EPSS 0.00319
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/02/03 2:38 p.m. | 28 views

CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

EPSS 0.00993
Exploits: 0 | References: 3
UbuntuCve
added 2026/02/03 2:0 p.m. | 4 views

CVE-2025-14550

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

CVSS 7.5 | AI score 7.1 | EPSS 0.00993
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/03 7:31 a.m. | 3 views

CVE-2026-1371 Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

CVSS 5.3 | AI score 5.3 | EPSS 0.00282
Exploits: 0 | References: 4
RedHat Linux
added 2026/02/02 4:6 a.m. | 5 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) Classical IP (CLIP) module. A local user can trigger an infinite recursive call in the clip_push() function by repeatedly calling the ioctl(ATMARP_MKIP) system call. This vulnerability occurs when the socket is closed, leading to stack...

CVSS 7.8 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 5
RedHat Linux
added 2026/02/02 3:27 a.m. | 2 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) Classical IP (CLIP) module. A local user can trigger an infinite recursive call in the clip_push() function by repeatedly calling the ioctl(ATMARP_MKIP) system call. This vulnerability occurs when the socket is closed, leading to stack...

CVSS 7.8 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 5
Cvelist
added 2026/01/31 11:39 a.m. | 18 views

CVE-2026-23021 net: usb: pegasus: fix memory leak in update_eth_regs_async()

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async(). When asynchronously writing to the device registers, if usb_submit_urb() fails, the code fails to release the resources allocated up to this point...

EPSS 0.00149
Exploits: 0 | References: 7