151 matches found
CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
CVE-2026-46125
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since it's related to the...
EUVD-2026-32354
In the Linux kernel, the following vulnerability has been resolved: md/raid1: fix memory leak in raid1_run() raid1_run() calls setup_conf() which registers a thread via md_register_thread(). If raid1_set_limits() fails, the previously registered thread is not unregistered, resulting in a memory leak of the mdthre...
CVE-2026-45899
ext4: drop extent cache when splitting extent fails...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fix refcount leak in aries_audio_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. If extcon_find_edev_by_node() fails, it doesn't call of_node_put() Calling...
CVE-2026-31751 comedi: dt2815: add hardware detection to prevent crash
In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses...
uutils coreutils security vulnerability
uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the cp utility’s failure to properly handle the setuid and setgid bits when ownership retention fails. When copyin...
CVE-2026-23314
In the Linux kernel, the following vulnerability has been resolved: regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio() In bq257xx_reg_dt_parse_gpio(), if fails to get subchild, it returns without calling of_node_put(child), causing the device node reference leak...
BIT-ENVOY-2026-26330 Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly
Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, at the rate limit filter, if the response phase limit with apply_on_stream_done in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...
EUVD-2026-10807
Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly...
EUVD-2026-10806
Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly...
GO-2026-4539 Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2
Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2...
CVE-2025-71220 smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()
In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() When ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close()...
CVE-2022-50825 usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe()
In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe() I got the following report while doing fault injection test: OF: ERROR: memory leak, expected refcount 1 instead of 4, of_node_get()/of_node_put() unbalanced - destroy cset...
CVE-2022-50667
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the description string from userspace fails, then the page for the instance descriptor doesn't get freed before returning -EFAULT, which leads to a memleak...
MAL-2025-48427 Malicious code in batchw-test-common-config (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5e9b5b07a6f6f901ab96aa3b48d3b80dc1c0928d03c4cd4018422a15ced54b Any computer that has this package installed or running should be considered...
Linux Distros Unpatched Vulnerability : CVE-2023-53528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work queue code If create_qp does not fully succeed it is possible...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986824)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986824 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: ibmpex Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows:...
EUVD-2022-55338
Malicious code in bioql PyPI...
EUVD-2021-33067
Malicious code in bioql PyPI...