CVE-2026-53309

In CVE-2026-53309, the Linux kernel OCFS2 DLM region comparison had an off-by-one in dlm_match_regions(), where the local-vs-remote loop used <= instead of <, causing reading beyond the valid range of qr_regions. The fix changes the loop condition to < for consistency and correctness. Th...

CVE-2026-53284

CVE-2026-53284 concerns the Linux kernel’s btrfs subsystem. The vulnerability is described as resolved: it hinges on the behavior of releasing the dirty pages io tree after writes. The provided description explains that, after attempting to write all dirty extent buffers, the code proceeds to rel...

CVE-2026-55686

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

EUVD-2026-39808

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

CVE-2026-52952

A flaw was found in the Linux kernel's Input/Output Memory Management Unit IOMMU subsystem, which manages how devices access system memory. A race condition, a situation where multiple operations occur in an unpredictable order, exists during device recovery when multiple memory domains are being...

CVE-2026-52990

A flaw was found in the Linux kernel. A local attacker could exploit a race condition in the fsnotifyrecalcmask function, which fails to properly handle an inode reference. This improper handling can lead to an inode reference leak, causing tasks to hang and resulting in a Denial of Service DoS f...

CVE-2026-53269

A flaw was found in the Linux kernel's netfilter synproxy component. This vulnerability is caused by a race condition during the on-demand registration of netfilter hooks. A local user with privileges to modify netfilter rules could exploit this flaw by concurrently adding iptables targets or...

CVE-2026-53239

A flaw was found in the Linux kernel. A race condition exists in the xfrm policy handling, specifically within the xfrmpolicybyselctx function. This flaw allows for a use-after-free vulnerability, where memory is accessed after it has been released. This can lead to system instability or a denial...

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

CVE-2026-53160

A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpcmapcreate function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...

CVE-2026-53262

A flaw was found in the Linux kernel's pppol2tp module. This Use-After-Free UAF vulnerability arises from improper handling of session references within the pppol2tpioctl function. A local attacker could exploit this by triggering a race condition during data copying, leading to the dereferencing...

CVE-2026-52945

A flaw was found in the Linux kernel's WireGuard component. Under heavy network load, particularly when used with Cilium, the threaded NAPI New API implementation can cause the decryption side for a WireGuard peer to stop processing traffic. This leads to a complete stall of network communication...

CVE-2026-53117

A flaw was found in the Linux kernel, specifically within the s390/cio component. When a driver is being probed, a race condition can occur where the driveroverride field is accessed without proper locking. This can lead to a Use-After-Free UAF vulnerability, which may result in system instabilit...

CVE-2026-53034

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF and sockmap components, specifically within the afunix socket operations. A race condition occurs during the connection process where a socket's state is updated before its peer is fully assigned. This timing issue can lead to a...

CVE-2026-53018

A flaw was found in the Linux kernel's f2fs filesystem. During garbage collection, a race condition can occur when a page is moved and updated, but the system attempts to read it again from an outdated location. This can trigger a kernel bug, leading to a system crash and a denial of service DoS....

CVE-2026-53050

A flaw was found in the Linux kernel. A race condition exists between the dquotscanactive function and quota deactivation within quotareleaseworkfn. This vulnerability could allow a local attacker to cause memory corruption by manipulating quota operations, potentially leading to system instabili...

CVE-2026-53033

A flaw was found in the Linux kernel's sockmap functionality. A race condition exists in the unixstreambpfupdateproto function when a BPF Berkeley Packet Filter iterator program updates a sockmap. This can lead to a use-after-free UaF vulnerability, where memory is accessed after it has been free...

CVE-2026-53259

A flaw was found in the Linux kernel, specifically within its management of IPv6 anycast addresses. A timing issue, known as a race condition, can occur when these addresses are added and removed from a system's internal list. This can lead to the system attempting to access memory that has alrea...