CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

EUVD-2025-210057

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

EUVD-2026-34089

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVE-2026-44582

A flaw was found in Next.js. React Server Component responses are vulnerable to cache poisoning in deployments that use shared caches without proper response partitioning. An attacker can exploit collisions in the rsc cache-busting value to poison cache entries. This allows users to receive...

PT-2026-45985

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor gpu flush caches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can...

Linux Distros Unpatched Vulnerability : CVE-2026-44582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...

SUSE CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

[SECURITY] Fedora 43 Update: haveged-1.9.22-1.fc43

A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

[SECURITY] Fedora 44 Update: haveged-1.9.21-1.fc44

A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...

CVE-2026-44576

A flaw was found in Next.js, a React framework for building web applications. This vulnerability, related to cache poisoning, affects applications utilizing React Server Components RSC when shared caches fail to properly partition response variants. A remote attacker can exploit this by causing a...

PT-2026-42727

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splw update block options and lwp clean weather transients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mm/slabcommon: The corruption of the slabcaches list after kmemcacheDestroy has been fixed. After the commit in “Fixes”, if a module that creates a slab cache does not release all of its allocated objects before destroying the...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

CVE-2026-44582

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

CVE-2026-44576

Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...

CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...

CVE-2026-44582

Next.js (React Server Components) versions 13.4.6–before 15.5.16 and 16.2.5 are vulnerable to cache poisoning in deployments using shared caches with insufficient response partitioning. The issue stems from collisions in the _rsc cache-busting value, which can cause an attacker to serve a poisone...

CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces

Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...

CVE-2026-44576

CVE-2026-44576 affects Next.js (React Server Components). In affected versions 14.2.0 to before 15.5.16 and 16.2.5, shared caches that do not properly partition response variants can poison the cache by serving an RSC response from the original URL, causing subsequent visitors to receive componen...