19038 matches found

RedHat Linux
added 2026/01/14 12:10 a.m., 0 views

kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock

A vulnerability was found in the Linux kernel's Controller Area Network (CAN) protocol, within the J1939 protocol implementation. This issue occurs due to a potential deadlock caused by a race condition involving three locks: j1939_socks_lock, active_session_list_lock, and sk_session_queue_lock. This issue...

CVSS 5.5, AI score 7.2, EPSS 0.00011
Exploits: 0, References: 5

Vulnrichment
added 2026/01/14 12:0 a.m., 2 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

AI score 6.2, EPSS 0.00019
Exploits: 0, References: 2

Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2908

Name of the Vulnerable Software and Affected Versions: AIRTH SMART HOME AQI MONITOR Bootloader version 1.005. Description: An issue allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device. The UART port is...

CVSS 4.6, AI score 6.3, EPSS 0.00019
Exploits: 0, References: 4

ATTACKERKB
added 2026/01/14 12:0 a.m., 3 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

CVSS 4.6, AI score 5.5, EPSS 0.00019
Exploits: 0, References: 3

CNNVD
added 2026/01/14 12:0 a.m., 4 views

AIRTH SMART HOME AQI MONITOR Bootloader Security Vulnerability

The AIRTH SMART HOME AQI MONITOR Bootloader is the underlying software for an air quality detector from AIRTH India. A security vulnerability exists in AIRTH SMART HOME AQI MONITOR Bootloader version 1.005, which originates from physical proximity Attackers can access the BK7231N controller throu...

CVSS 4.6, AI score 6.2, EPSS 0.00019
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001468 advisory. A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with...

CVSS 7, AI score 6.6, EPSS 0.0008
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001671)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001671 advisory. Improper access control in the Intel(R) Ethernet Controller RDMA driver for Linux before version 1.9.30 may allow an unauthenticated user to potentially enable...

CVSS 9.8, AI score 6.6, EPSS 0.00689
Exploits: 0, References: 7

Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

RHEL 9 : kernel-rt (RHSA-2026:0534)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0534 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVSS 7.8, AI score 7.5, EPSS 0.00076
Exploits: 0, References: 24

Tenable Nessus
added 2026/01/14 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001127)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001127 advisory. The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of servic...

CVSS 5.5, AI score 6.2, EPSS 0.00086
Exploits: 0, References: 11

CVE
added 2026/01/13 3:29 p.m., 11 views

CVE-2025-68804

CVE-2025-68804 relates to the Linux kernel component platform/chrome: cros_ec_ishtp, where a UAF occurs after a driver is unbound because the EC device isn’t unregistered in the driver’s .remove(), leaving a kthread (cros_ec_console_log_work) that may access the device. Effect: crash due to use-a...

AI score 6.2, EPSS 0.00043
Exploits: 0, References: 7

AstraLinux
added 2026/01/13 2:1 p.m., 1 view

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skipping DIMM enumeration on a disabled memory controller. When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: Shift-out-of-bounds in...

AI score 5.2, EPSS 0.00032
Exploits: 0, References: 3

AstraLinux
added 2026/01/13 2:1 p.m., 6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check the running state of GuC before deregistering an exec queue. During normal operation, a registered exec queue is disabled and deregistered through GuC. The resources are only freed after GuC confirms completion...

AI score 5.3, EPSS 0.00026
Exploits: 0, References: 3

Snyk
added 2026/01/13 1:3 p.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by bypassing field-level access checks during record creation, provided the user...

CVSS 6.5, AI score 6.8, EPSS 0.00007
Exploits: 0, References: 2

Snyk
added 2026/01/13 1:3 p.m., 1 view

Incorrect Authorization

Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by...

CVSS 6.5, AI score 6.7, EPSS 0.00007
Exploits: 0, References: 2

Vulnrichment
added 2026/01/13 11:53 a.m., 1 view

CVE-2025-59020 TYPO3 CMS Allows Broken Access Control in Edit Document Controller

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

CVSS 5.3, AI score 6.5, EPSS 0.00007
Exploits: 0, References: 4

EUVD
added 2026/01/13 11:53 a.m., 1 view

EUVD-2026-2090

By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced s...

CVSS 6.5, AI score 6.4, EPSS 0.00007
Exploits: 0, References: 7

CVE
added 2026/01/13 11:53 a.m., 12 views

CVE-2025-59020

The CVE-2025-59020 issue in TYPO3 CMS arises from abusing the defVals parameter to bypass field-level access checks during backend record creation. This allows insertion of data into restricted exclude fields for tables where the user has write access to a limited set of fields. Affected TYPO3 ve...

CVSS 6.5, AI score 6.5, EPSS 0.00007
Exploits: 0, References: 4, Affected Software: 1

RedHat Linux
added 2026/01/13 9:50 a.m., 3 views

kernel: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync

A flaw was found in the Linux kernel’s Bluetooth subsystem (HCI). Specifically, in the function hci_acl_create_conn_sync and related path hci_le_create_conn_sync, a connection object in state BT_OPEN that is still pending command submission may be freed prematurely, leading to a use-after-free condition. An...

AI score 5.7, EPSS 0.00047
Exploits: 0, References: 5

Positive Technologies
added 2026/01/13 12:0 a.m., 2 views

PT-2026-2402

Name of the Vulnerable Software and Affected Versions: WAGO 750-8212 PFC200 G2 2ETH RS firmware (affected versions not specified). Description: The WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a flaw that allows privilege escalation. An attacker can manipulate user session cookies to gain...

CVSS 9.8, AI score 6.7, EPSS 0.00086
Exploits: 0, References: 5

CNNVD
added 2026/01/13 12:0 a.m., 1 view

WAGO Security Vulnerability

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is a digital algorithmic operating electronics system specifically designed for applications in industrial environments. A security vulnerability exists in WAGO that stems from the ability to manipulate user...

CVSS 9.8, AI score 5.8, EPSS 0.00086
Exploits: 0, References: 3