Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.26.1 Release.

Red Hat OpenShift Dev Spaces 3.26.1 has been released. 3.26.1 includes CVE fixes for CVE-2025-15467, CVE-2025-6176, CVE-2026-1761, CVE-2026-0719, CVE-2025-61732, and CVE-2025-61726. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams an...

UBUNTU-CVE-2026-23192

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...

CVE-2026-23192 linkwatch: use __dev_put() in callers to prevent UAF

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...

CVE-2026-23192

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...

CVE-2026-23192

Summary (CVE-2026-23192) : This is a use-after-free in the Linux kernel’s linkwatch subsystem. When a network device is deleted while linkwatch events are pending, the device reference may be freed prematurely (in linkwatch_do_dev), allowing __linkwatch_run_queue to access a freed device. The fix...

CVE-2026-23192

In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...

CVE-2026-23160 octeon_ep: Fix memory leak in octep_device_setup()

In the Linux kernel, the following vulnerability has been resolved: octeonep: Fix memory leak in octepdevicesetup In octepdevicesetup, if octepctrlnetinit fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumpin...

CVE-2026-23113

In the Linux kernel, the following vulnerability has been resolved: iouring/io-wq: check IOWQBITEXIT inside work run loop Currently this is checked before running the pending work. Normally this is quite fine, as work items either end up blocking which will create a new worker for other items, or...

CVE-2026-23121 mISDN: annotate data-race around dev->work

In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev-work dev-work can re read locklessly in mISDNread and mISDNpoll. Add READONCE/WRITEONCE annotations. BUG: KCSAN: data-race in mISDNioctl / mISDNread write to 0xffff88812d848280 of 4 bytes by...

CVE-2026-23121

Technical details for CVE-2026-23121 are not provided in the supplied documents. No affected products, root cause, or remediation are stated here. Monitor for updates from the vendor/security advisories.

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reuse of the linkwatchdodev function after it is released. This vulnerability could potential...

Linux Distros Unpatched Vulnerability : CVE-2026-23113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iouring/io-wq: check IOWQBITEXIT inside work run loop Currently this is checked before running the pending work. Normally this is quite fine, as work items eith...

CVE-2026-26190 Milvus Allows Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise

Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...

Debian: Security Advisory (DLA-4477-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.26.0 Release.

Red Hat OpenShift Dev Spaces 3.26.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.26 release is based on...

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25881 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25881 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15253532...

CVE-2026-22592

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

`polymarket-clients-sdk` was removed from crates.io for malicious code

It appeared to be typosquatting existing crate polymarket-client-sdk clients vs client and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...

CVE-2026-24135 Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...

CVE-2026-24135

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...