1663 matches found
EUVD-2026-38892
In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...
EUVD-2026-38667
The SecuforOAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress...
CVE-2026-56280 Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect
Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...
CVE-2026-54280
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...
CVE-2026-54280
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...
CVE-2026-54280 AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...
CVE-2026-54280
CVE-2026-54280 affects AIOHTTP. Before 3.14.1, payload resources may not be closed if a client disconnects during a write, risking temporary resource starvation (e.g., open files) with no additional impact details provided. The issue is fixed in 3.14.1. The CVSS-based note in the initial data ind...
kernel: ipv6: use RCU in ip6_output()
A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
PT-2026-51406
Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description A privilege inversion issue exists in the 'GET /build/logs/:jobId' endpoint. This endpoint utilizes Server-Sent Events SSE to stream output and registers an abort listener that invokes the...
Linux Distros Unpatched Vulnerability : CVE-2026-54280
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client...
Astra Linux – Vulnerability in Linux 5.15
A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2TREEDISCONNECT commands. The issue arises due to the lack of proper locking when performing operations on an object. An attacker can exploit...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in niusb. If the USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection. This issue w...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: In hcievent, there is a callback for call disconnect that is called before the connection is deleted. In hcicsdisconnect, we call hciconndel even if the disconnection fails. ISO, L2CAP, and SCO connections refer to...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fixed the WARN message in netifnapidellocked when a USB device is disconnected. The redundant call to netifnapidel was removed from the disconnect path. A WARN message may be triggered in netifnapidellocked...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fixed a use-after-free when USB is disconnected. After the powerzdisconnect function frees the URB and releases the mutex, a subsequent powerzread call can acquire the mutex and call powerzreaddata, which dereferenc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Most: USB – Fix for use-after-free in hdmdisconnect The hdmdisconnect function calls mostderegisterinterface, which ultimately unregisters the MOST interface device using deviceunregisteriface-dev. If this action drops the last...
Astra Linux – Vulnerability in bluez
In BlueZ before version 5.55, a double-free error was detected in the gatttool disconnectcb routine from the shared/att.c file. A remote attacker could potentially cause a denial of service or code execution during service discovery, due to the redundant disconnect MGMT event...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect After the committed code below, if the MPC subflow is already in the TCPCLOSE status or has fallen back to TCP at the mptcpdisconnect time, mptcpdofastclose skips setting the sendfastclos...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: Fixed UAF in hcidisconnectallsync A use-after-free can occur in hcidisconnectallsync if a connection is deleted due to concurrent processing of a controller event. To prevent this, the code now attempts to...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: xdp: fixed an invalid wait context in pagepoolDestroy If the driver uses a page pool, it creates a page pool using pagepoolcreate. The reference count of the page pool is 1 by default. A page pool will only be destroyed when its...