Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: WireGuard: netlink: Check for a dangling peer via isdead instead of an empty list If all peers are removed using wgpeerremoveall, rather than setting peerlist to empty, the peer is added to a temporary list at the beginning of...

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

CVE-2026-23277

CVE-2026-23277 (TEQL NULL pointer dereference in iptunnel_xmit) is fixed in Linux kernel TEQL transmit path. When a GRE Gretap tunnel is TEQL slave, teql_master_xmit() transmits via netdev_start_xmit() without updating skb->dev to the slave. iptunnel_xmit then uses the original dev from skb-&g...

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

EUVD-2026-10904

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

CVE-2026-28806

CVE-2026-28806 describes an improper authorization in nerves-hub_web that allows cross-organization device control via device bulk actions and the device update API. Missing authorization checks enable authenticated users to target devices belonging to other organizations by manipulating device i...

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

EEF-CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Summary Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices...

PT-2026-24471

Name of the Vulnerable Software and Affected Versions nerves-hub nerves hub web versions 1.0.0 through 2.3.9 Description An improper authorization issue exists in nerves-hub nerves hub web that allows cross-organization device control through device bulk actions and the device update API. Missing...

High-severity Qualcomm bug hits Android devices in targeted attacks

Google has patched 129 vulnerabilities in Android in its March 2026 Android Security Bulletin, including a Qualcomm display flaw that is known to be actively exploited. You can check your device’s Android version, security update level, and Google Play system update in Settings. You should get a...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1430)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1430 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates CVE-2025-38678 In the Linux kernel, the following vulnerability has...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates CVE-2025-38678 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise CVE-2025-40040 In the Lin...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the recursive execution of the network device function update logic, which could lead to a stack overflow...

Wear OS Security Bulletin—December 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2025-12-05 or later from the December 2025 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...

SUSE CVE-2025-40135

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6xmit Use RCU in ip6xmit in order to use dstdevrcu to prevent possible UAF...

Security update for kernel-livepatch-MICRO-6-0_Update_2

This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: CVE-2024-49974: NFSD: limit the number of concurrent async COPY operations bsc1232384 CVE-2025-21971: netsched: Prevent creation of classes with TCHROOT bsc1245794 CVE-2025-38206: exfat: fix double free in delayedfree...

Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-15050055110 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...

Security update for the Linux Kernel (Live Patch 43 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024173 fixes several issues. The following security issues were fixed: CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...