CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/21 5:59 p.m.•1 views

GHSA-HGV7-V322-MMGR @sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

5.9CVSS5.8AI score

Github Security Blog•added 2026/05/21 5:59 p.m.•8 views

@sveltejs/kit: `query.batch` cross-talk

query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...

5.8AI score

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/21 12:0 a.m.•4 views

PT-2026-42644

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...

5.3CVSS5.8AI score

Exploits0References6

Positive Technologies•added 2026/05/21 12:0 a.m.•8 views

PT-2026-42671

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...

5.3CVSS5.8AI score

Exploits0References6

AstraLinux•added 2026/05/20 5:53 a.m.•10 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not corrupt the pfn list when doing batch carry If batch-end is 0, then setting npfns0 before computing the new value of pfns will fail to adjust the pfn, resulting in various page accounting corruptions. This issue...

5.5CVSS5.7AI score0.00025EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The senddone handler now handles completion without using IBSENDSIGNALED. With smbdirectsendbatch, we likely have requests that do not include IBSENDSIGNALED. These requests will be destroyed during the final request...

9.8CVSS5.7AI score0.00058EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Do not ignore the genmask when looking up a chain by its ID. When adding a rule to a chain whose ID is referenced, if that chain has been deleted in the same batch, the rule might end up referencing a deleted...

7.8CVSS5.9AI score0.00017EPSS

7.8CVSS5.7AI score0.00078EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fuse: fixed the runtime warning in truncatefoliobatchexceptionals The WARNONONCE flag was introduced in truncatefoliobatchexceptionals to determine whether the filesystem has removed all DAX entries. This fix has been applied to...

5.5CVSS5.2AI score0.0004EPSS

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Rejects duplicate devices during updates. It is possible for a chain/flowtable update to include duplicate devices within the same batch. Unfortunately, the netdev event path only removes the first device...

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Added schedule points in batch operations. syzbot reported various soft lockups caused by bpf batch operations. Info: Task kworker/1:1:27 was blocked for more than 140 seconds. Info: The task got stuck in rcubarrier...

3.3CVSS6.2AI score0.00028EPSS

9.8CVSS5.4AI score0.00067EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: avoid double-free in smbdfreesendio after smbdsendbatchflush smbdsendbatchFlush already calls smbdfreesendio; therefore, we should not call it again after smbdpostsend. It has been moved to the batch list...

5.5CVSS5.4AI score0.00015EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ceph: Do not propagate page array placement errors as batch errors When fscrypt is enabled, the movedirtyfolioinpagearray function may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio...

5.5CVSS5.8AI score0.00061EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: filemap: Handle sibling entries in filemapgetreadbatch. If a read race occurs, followed by an invalidation and then another read, it is possible for a folio to be replaced with a higher-order folio. If this happens, we will see a...

7.8CVSS5.3AI score0.00021EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: fixed the runtime warning in truncatefoliobatchexceptionals Commit 0e2f80afcfa6 "fs/dax: ensure all pages are idle before filesystem unmount" introduced the WARNONONCE function to check whether the filesystem has removed a...

5.5CVSS5.3AI score0.0002EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...

9.8CVSS5.4AI score0.00067EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: server: avoid double-free in smbdirectfreesendmsg after smbdirectFlushsendlist smbdirectFlushsendlist already calls smbdirectfreesendmsg; therefore, we should not call it again after postsendmsg. It has been moved to the...

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb: server: The use of smbdirectsocket.sendio.bcredits has been addressed. It turns out that our code would corrupt the stream of reassabled data transfer messages when we trigger an immediate empty send. To fix this issue, we...

5.5CVSS5.3AI score0.00015EPSS

5.5CVSS5.8AI score0.00029EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: pfcp: The device is destroyed along with the udp socket’s netns. The pfcpnewlink function links the device to a list in devnet instead of net, where an udp tunnel socket is created. Even when net is removed, the device remains...