CVE-2026-7111 Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption

Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example afterparse, beforeprint, or...

CVE-2026-7111

Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example afterparse, beforeprint, or...

Text::CSV_XS -- CWE-825 Expired Pointer Dereference

H.Merijn Brand - Tux reports: Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example...

Linux Distros Unpatched Vulnerability : CVE-2026-41898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind...

CVE-2026-41898

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. Foreign Function Interface FFI trampolines in several SslContextBuilder callbacks did not properly validate the size of data returned by user-defined closures before passing it to OpenSSL. Th...

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

PT-2026-35041

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.9.24 through 0.10.77 Description FFI trampolines behind the functions set psk client callback, set psk server callback, set cookie generate cb, and set stateless cookie generate cb in SslContextBuilder forward the user...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the work item “pmsrfreewk” is not canceled in the cfg80211 component. This...

CVE-2026-41337

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

EUVD-2026-25219

In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro-uniq use-after-free in rawrcv rawrelease unregisters raw CAN receive filters via canrxunregister, but receiver deletion is deferred with callrcu. This leaves a window where rawrcv may still be running in an RCU...

xfs: avoid dereferencing log items after push callbacks

...

xfs: save ailp before dropping the AIL lock in push callbacks

...

PT-2026-34768

OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers with captured valid callbacks for live calls can exploit this to manipulate callback origins during...

EUVD-2026-24793

In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping the AIL lock in push callbacks In xfsinodeitempush and xfsqmdquotlogitempush, the AIL lock is dropped to perform buffer IO. Once the cluster buffer no longer protects the log item from reclaim, the...

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports

In the Linux kernel, the following vulnerability has been resolved: team: fix headerops type confusion with non-Ethernet ports Similar to commit 950803f72547 "bonding: fix type confusion in bondsetupbyslave" team has the same class of headerops type confusion. For non-Ethernet ports,...

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks

In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log items after push callbacks After xfsaildpushitem calls ioppush, the log item may have been freed if the AIL lock was dropped during the push. Background inode reclaim or the dquot shrinker can free th...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013689)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013689 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhpstateremoveinstancenocalls for hisihns3pmu uninit process When teari...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013841)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013841 advisory. In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting...

TLSCheck 2.0: An Enhanced Memory Forensics Approach to Efficiently Detect TLS Callbacks

Memory analysis is a crucial technique in digital forensics that enables investigators to examine the runtime state of a system through physical memory dumps. While significant advances have been made in memory forensics, the detection and analysis of Thread Local Storage TLS callbacks remain...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011000)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011000 advisory. In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks syzbot is reporting...