CVE-2026-43042

In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platformlabel,s pair The RCU-protected codepaths mplsforward, mplsdumproutes can have an inconsistent view of platformlabels vs platformlabel in case of a concurrent resize...

EUVD-2026-26641

In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platformlabel,s pair The RCU-protected codepaths mplsforward, mplsdumproutes can have an inconsistent view of platformlabels vs platformlabel in case of a concurrent resize...

CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair

In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platformlabel,s pair The RCU-protected codepaths mplsforward, mplsdumproutes can have an inconsistent view of platformlabels vs platformlabel in case of a concurrent resize...

CVE-2026-43023 Bluetooth: SCO: fix race conditions in sco_sock_connect()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...

EUVD-2026-26622

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...

CVE-2026-43023

CVE-2026-43023 affects the Linux kernel Bluetooth SCO path. A race condition in sco_sock_connect() allows two concurrent connect() attempts on the same socket to bypass locks, leading to use-after-free and potential socket/state corruption (BT_OPEN -> BT_CONNECT with zombie sk). The issue is d...

CVE-2026-31769

In the Linux kernel, the following vulnerability has been resolved: gpib: fix use-after-free in IO ioctl handlers The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the descriptor via...

PT-2026-36436

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the set cig params sync function, the lookup and field access of hci conn are not properly protected by the hdev lock,...

PT-2026-36440

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Bluetooth SCO component. The function sco sock connect performs checks on sk state and sk type without holding the socket lock. This allows two concurrent...

PT-2026-36459

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description RCU-protected codepaths, specifically mpls forward and mpls dump routes, can maintain an inconsistent view of platform labels versus platform label during a concurrent resize operation...

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

CVE-2026-36958

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

EUVD-2026-26379

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

PT-2026-36104

A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP server. This causes the...

Exploit for CVE-2026-36958

CVE-2026-36958: Denial of Service via Concurrent HTTP Requests...

CVE-2026-26206

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

CVE-2026-26206 Wazuh: API brute-force protection bypass via race condition in login attempt tracking

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

EUVD-2026-26268

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

CVE-2026-26206

Wazuh server API brute-force protection for POST /security/user/authenticate can be bypassed via a race condition when handling concurrent authentication requests. From versions 4.0.0 up to before 4.14.4, sequential requests honor the max_login_attempts threshold (default 50) but parallel bursts ...