EUVD-2026-36727

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

SUSE CVE-2026-46233

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

CVE-2026-46233

CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...

CVE-2026-46233 batman-adv: bla: only purge non-released claims

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

PT-2026-6133

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to the uacce subsystem and safe queue release. Directly calling the put queue function poses a risk because it does not guarantee that resource...

DRUPAL-CONTRIB-2025-025

This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal cor...