
8394 matches found

OSV
added 2026/03/18 10:5 a.m. | 1 view

CVE-2026-23245 net/sched: act_gate: snapshot parameters with RCU on replace

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace. The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...

CVSS 7.8 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 9

CNNVD
added 2026/03/18 12:0 a.m. | 3 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the actGate operation not providing RCU snapshot protection when replacing parameters, potentially...

CVSS 7.8 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 4

CNNVD
added 2026/03/18 12:0 a.m. | 4 views

Parse Server security vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.20 and 8.6.44 contain security vulnerabilities. These vulnerabilities stem from a prototype pollution issue in the deep...

CVSS 7.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/18 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: act_gate: snapshot parameters with RCU on replace. The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list...

CVSS 7.8 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 2

Snyk
added 2026/03/17 6:37 p.m. | 2 views

Prototype Pollution

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Prototype Pollution in the deep copy mechanism. An attacker can inject unauthorized fields into class schemas and bypass...

CVSS 7.5 | AI score 6.6 | EPSS 0.00016
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/17 6:37 p.m. | 5 views

Parse Server vulnerable to schema poisoning via prototype pollution in deep copy

Impact: An attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas that have field addition locked...

CVSS 7.5 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/17 6:37 p.m. | 2 views

GHSA-9CCR-FPP6-78QF Parse Server vulnerable to schema poisoning via prototype pollution in deep copy

Impact: An attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that exploits prototype pollution in the deep copy mechanism. This allows injecting fields into class schemas that have field addition locked...

CVSS 5.3 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 5

RedHat Linux
added 2026/03/17 3:0 p.m. | 5 views

kernel: svcrdma: use rc_pageoff for memcpy byte offset

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset. svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current page. Found by ZeroPath...

AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 5

Snyk
added 2026/03/17 4:45 a.m. | 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ucl_object_emit function when operating in UCL_PARSER_ZEROCOPY mode and processing input containing a key with an embedded null byte. An attacker can cause a segmentation fault and disrupt service by submitting...

CVSS 8.3 | AI score 5.8 | EPSS 0.00121
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/17 12:0 a.m. | 2 views

PT-2026-26177

Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 and below. Description: SiYuan, a personal knowledge management system, has an issue where the /api/lute/html2BlockDOM endpoint on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace...

CVSS 9.9 | AI score 5.8 | EPSS 0.00299
Exploits: 1 | References: 13

Redos
added 2026/03/17 12:0 a.m. | 3 views

ROS-20260317-73-0004

A vulnerability in the p54_rx_eeprom_readback function of the wifi component of the Linux operating system kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8 | AI score 6 | EPSS 0.00072
Exploits: 0

Redos
added 2026/03/17 12:0 a.m. | 3 views

ROS-20260317-73-0027

A vulnerability in the hid_hw_raw_request function of the Low Level Transport driver of the Linux kernel is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8 | AI score 6 | EPSS 0.00025
Exploits: 0

OSV
added 2026/03/16 8:45 p.m. | 5 views

GHSA-9F3R-2VGW-M8XP File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

Description: The resourcePatchHandler in http/resource.go validates the destination path against configured access rules before the path is cleaned/normalized. The rules engine (rules/rules.go) uses literal string prefix matching (strings.HasPrefix) or regex matching against the raw path. The actual...

CVSS 6.5 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/16 8:45 p.m. | 23 views

File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

Description: The resourcePatchHandler in http/resource.go validates the destination path against configured access rules before the path is cleaned/normalized. The rules engine (rules/rules.go) uses literal string prefix matching (strings.HasPrefix) or regex matching against the raw path. The actual...

CVSS 6.5 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/16 8:41 p.m. | 1 view

GHSA-G2F6-PWVX-R275 OpenClaw accepts unsanitized iMessage attachment paths which allowed SCP remote-path command injection

Summary openclaw versions :. In affected releases, the remote host was normalized but the remote attachment path was not validated for shell metacharacters before being passed to the SCP remote operand. A sender-controlled iMessage attachment filename containing shell metacharacters could therefo...

CVSS 9.2 | AI score 6.2
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/16 6:46 p.m. | 6 views

SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets

Summary: POST /api/file/globalCopyFiles reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace an...

CVSS 6.8 | AI score 5.9 | EPSS 0.00095
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/03/16 6:46 p.m. | 4 views

GHSA-H5VH-M7FG-W5H6 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets

Summary: POST /api/file/globalCopyFiles reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace an...

CVSS 6.8 | AI score 5.9 | EPSS 0.00095
Exploits: 1 | References: 5

Snyk
added 2026/03/16 6:46 p.m. | 3 views

Incomplete List of Disallowed Inputs

Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the globalCopyFiles file-copy process and IsSensitivePath path filter in the kernel file handling components. An attacker can exfiltrate readable sensitive files, including environment...

CVSS 8.2 | AI score 5.8 | EPSS 0.00095
Exploits: 1 | References: 3

Tenable Nessus
added 2026/03/16 12:0 a.m. | 5 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1313)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info (CVE-2025-40115); scsi: target: Fix WRITE_SAME No Data Buffer crash (CVE-2022-21546)...

CVSS 7.8 | AI score 6.6 | EPSS 0.03752
Exploits: 2 | References: 61

Positive Technologies
added 2026/03/16 12:0 a.m. | 6 views

PT-2026-25856

Name of the Vulnerable Software and Affected Versions: File Browser versions 2.61.2 and below. Description: File Browser, a file managing interface, has an issue where an authenticated user with Create or Rename permissions can bypass administrator-configured deny rules. This is due to the order in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 8