EUVD-2026-38857

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: The second sensor, hi3660, was removed. The commit 74c8e6bffbe1 “driver core: Add allocsize hint to devm allocators” exposes a panic “BRK handler: Fatal exception” during the hi3660thermalprobe function. Thi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset the dql stats during a NONFATAL reset. All ibmvnic resets should instead call netdevtxresetqueue when reopening the device. netdevtxresetqueue resets the numqueued and numcompleted byte counters. These stats...

EUVD-2026-35872

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

ALPINE-CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

EUVD-2026-35197

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet...

BIT-GRAFANA-2026-28379 Viewer-triggered race condition in Grafana Live leads to complete server crash

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

CVE-2026-7635

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...

CVE-2026-41311

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript he...

free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

Summary free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware same root cause as free5gc/free5gc887. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfiguration, which calls...

GHSA-44QJ-CGHF-9P97 free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

Summary free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware same root cause as free5gc/free5gc887. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfiguration, which calls...

GHSA-RXRQ-FV76-26PR free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)

Summary free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error invokes logger.PFDManageLog.Fatalerr, which is os.Exit1-equivalent in Go...

free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)

Summary free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error invokes logger.PFDManageLog.Fatalerr, which is os.Exit1-equivalent in Go...

PT-2026-39249

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. This occurs within the PfdChangeNotifier.FlushNotifications...

CLSA-2026-1778148827 nghttp2: Fix of CVE-2023-35945

CVE-2023-35945: fix memory leak in nghttp2sessionmemsendinternal when onstreamclosecallback returns a fatal error during send-failure handling...

CVE-2026-41931 Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CLSA-2026-1778073563 sudo: Fix of CVE-2026-35535

CVE-2026-35535: drop group privileges and supplementary groups before running the mailer in execmailer, make setuid/setgid/setgroups failures fatal, and pass user gid alongside uid when NOROOTMAILER is defined...

CLSA-2026-1777940187 sudo: Fix of CVE-2026-35535

CVE-2026-35535: make privilege drop failure fatal before running the mailer...

CLSA-2026-1777939719 sudo: Fix of CVE-2026-35535

CVE-2026-35535: make privilege drop failure fatal before running the mailer...