PT-2026-43946

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A null-pointer dereference occurs in the rbd module when device add disk fails after device add has successfully published the device. In this scenario, the error path triggers a double...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking the InSync flag when reading bitmap pages. This vulnerability may lead to th...

CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

Security information for Hitachi Disk Array Systems

Overview CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevati...

NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...

GHSA-99VC-2JX2-688P NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...

CVE-2026-44931

A flaw was found in malcontent. The newly introduced RecordUsage D-Bus Desktop Bus method in malcontent-timerd allows any user on the system to slowly consume disk space in the /var/lib/malcontent-timerd directory. This can lead to a Denial of Service DoS by exhausting available disk resources,...

PT-2026-42677

Name of the Vulnerable Software and Affected Versions NocoDB affected versions not specified Description The uploadViaURL path in the v1/v2 attachment API fails to enforce the NC ATTACHMENT FIELD SIZE limit against the remote content-length or the response stream. An authenticated user with Edito...

PT-2026-42609

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NC ATTACHMENT FIELD SIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed corruption of q-blkglist during disk rebinding. Multiple instances of the gendisk function can be allocated/added for a single request queue during disk rebinding. As a result, blkg may still remain in q-blkgli...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nbd: Fixed a UAF Use-after-Allocation in nbdopen. The commit 4af5f2e03013 “nbd: Use blkmqallocdisk and blkcleanupdisk“” addresses the issue where blkcleanupdisk no longer sets disk-privatedata to NULL. A UAF could potentially...

Astra Linux - уязвимость в qemu

A bug in QEMU could cause a guest I/O operation that is normally directed to an arbitrary disk offset to be directed instead to offset 0. This could potentially overwrite the VM’s boot code. For example, this could be exploited by L2 guests who have a virtual disk vdiskL2 stored on the virtual di...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: block: ublk: Ensure that the block size is set correctly. The block size is a very important setting for the block layer. An incorrect block size can easily cause the kernel to panic. Make sure that the block size is set correctl...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: udf: Do not update the file length when a write to an inline file fails. When a write to an inline file fails or fails partially, we still update the length of the inline data as if the entire write was successful. This issue is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: The blkallocextminor function fixes the issue where the maximum minor value is blkallocextminor. The idaallocrange... min, max,... function returns values ranging from min to max, including both endpoints. Therefore, NREXTDEVT is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dm: limiting swapping tables for devices with zone write plugs The dmrevalidatezones function only allows new or previously unzoned devices to call blkrevalidatediskzones. If the device was already zoned, disk-nrzones would alway...

Astra Linux - уязвимость в ceph

A key length flaw was discovered in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed during the encryption algorithm process, resulting in the creation of a non-random key. Such a key is weaker and can be exploited to compromise the confidentiality...

Astra Linux - уязвимость в zabbix

The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: block: fixed leakage of debugfs entries caused by blktrace. The commit 99d055b4fd4b “block: removed per-disk debugfs files in blkunregisterqueue” moves the blkTraceShutdown function to blkUnregisterQueue. This is safe if blktrace...