EUVD-2026-38886

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...

CVE-2026-48732

Warp prior to version 0.2026.05.06.15.42.stable_01 contains a command injection in the legacy SSH background command path: the remote working directory from the SSH session is embedded into a shell command without escaping, allowing an attacker-controlled path (host/repo/dir) to inject arbitrary ...

EUVD-2026-39014

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

Important: Red Hat Security Advisory: python3.14 security, bug fix, and enhancement update

An update for python3.14 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

EUVD-2026-38589

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular...

CVE-2026-54019

Open WebUI CVE-2026-54019 describes an ACL bypass in Milvus multitenancy mode. Before version 0.9.6, collection-level ACL checks exist but can be bypassed when an attacker supplies user-controlled, unknown collection names, which Milvus treats as a resource_id and interpolates into an unsafe expr...

CVE-2026-54019 Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

EUVD-2026-38227

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

GHSA-P67V-3W7G-WJG7 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

Summary Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application co...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: A sanity check was added for the F2FSInlineDATA flag in the inode during garbage collection GC. The syzbot reports the following f2fs bug: ------------ Cut here ------------ Kernel BUG: At fs/f2fs/inline.c:258 CPU: 1 PID: 3...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: The backend for setting up DEAD bits was changed to use the GC transaction API. The old and buggy gc API and the busy mark approach have been replaced with the GC transaction API. No set elements are remov...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fixed a race condition between namespace cleanup and garbage collection for the list:set type. Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and garbage collection of...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: afunix: Initialize sccindex in unixaddedge. Quang Le reported that the AFUNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a detailed repro. The repro consists of three stages. 1 Create a single...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the sanity check on summary information As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 BUG: KASAN: use-after-free in recoverdata+0x63ae/0x6ae0 f2fs Read of size 4 at addr...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: afunix: Fixed the garbage collector’s race condition with connect The garbage collector does not consider the risk of an “embryo” being enqueued during garbage collection. If such an “embryo” has a peer that carries SCMRIGHTS, tw...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: Fixed an issue with overlapping expiration walks. The lazy garbage collection during insertion, which should remove entries when the timeout occurs, fails to properly release the remaining part of the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: keys: Fixed UAF in keyput Once a key’s reference count is reduced to 0, the garbage collector thread may destroy it at any time. Therefore, keyput is no longer allowed to access the key after that point. The only action that keyp...