GHSA-35WC-CVQG-78FP twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments

Description IntlExtension memoises every \IntlDateFormatter and \NumberFormatter it creates in instance-level arrays keyed on a hash that includes locale, pattern, attrs and other values that are ordinary named arguments of the formatdatetime / formatdate / formattime / formatnumber /...

twig/intl-extra: Unbounded formatter memoisation in keyed on template-controlled arguments

Description IntlExtension memoises every \IntlDateFormatter and \NumberFormatter it creates in instance-level arrays keyed on a hash that includes locale, pattern, attrs and other values that are ordinary named arguments of the formatdatetime / formatdate / formattime / formatnumber /...

NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

PT-2026-42680

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

PT-2026-42588

Description IntlExtension memoises every IntlDateFormatter and NumberFormatter it creates in instance-level arrays keyed on a hash that includes locale, pattern, attrs and other values that are ordinary named arguments of the format datetime / format date / format time / format number / format...

PT-2026-42622

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: lib/testhmm.c: Handling of allocation failures for srcpfns and dstpfns The kcalloc function used in dmirrordeviceevictchunk will return null if physical memory runs out. As a result, if srcpfns or dstpfns is dereferenced, a null...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: vfs: Do not evict inode under the inode lru traversing context The inode reclaiming process see function pruneicachesb collects all reclaimable inodes and marks them with the IFREEING flag. At that time, other processes will b...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “Reapply ‘drm/qxl: simplify qxlfencewait’” This change reverts to the commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reported: “I tried running my tests on my virtual machines, but the tests failed upon boot-up...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed a lockup issue caused by a race condition between inode eviction and inode caching. This race condition could cause the struct btrfsinode structure to be missing from the root-inodes xarray. Specifically, there is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Do not allow eviction of BOs within the same VM in an array of VM binds. An array of VM binds may potentially evict other buffer objects BOs within the same VM under certain conditions, which could lead to NULL pointer...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: blk-crypto: made blkcryptoevictkey more robust. If blkcryptoevictkey determines that the key is still in use due to a bug or that -keyslotevict failed, it currently simply returns without unlinking the key from the keyslot...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: fscrypt: The destroykeyring function must be called after securitysbdelete. The fscryptDestroykeyring function must be called after all potentially-encrypted inodes have been evicted; otherwise, it cannot safely destroy the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Do not leak a resource on eviction error. For eviction errors other than -EMULTIHOP, we were leaking a resource. Fix. v2: - Avoid using another “goto” statement. Andi Shyti...

OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals

Summary The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details Th...

GHSA-962Q-HWM5-52X5 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals

Summary The custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running instrumented JVMs, repeated connection churn can therefore grow the queue without bound and exhaust heap memory. Details Th...

PT-2026-41787

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description A memory leak exists in the custom CappedConcurrentHashMap used for Java TLS state tracking. The remove function deletes entries from the map but fails to remove the...

curl: cookie: case-insensitive path comparison in replace_existing() allows cookie eviction across distinct paths

Hi all, replaceexisting in lib/cookie.c compares cookie paths case-insensitively at two sites. On case-sensitive servers, /Admin and /admin are distinct resources and are supposed to produce distinct jar entries. Because libcurl conflates them, a Set-Cookie at one path silently evicts the cookie ...

CVE-2026-23479

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVE-2026-23479

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...