798 matches found
EUVD-2026-32321
In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI layer that the command issuing should be deferred by returning...
CVE-2026-46090
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...
UBUNTU-CVE-2026-46090
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...
CVE-2026-46090
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...
CVE-2026-46090
CVE-2026-46090 affects the Linux kernel ALSA aloop driver. A use-after-free in loopback_check_format() can occur when playback starts with parameters that no longer match a running capture stream, while a concurrent close may detach or free the runtime. The issue arises after a patch that moved t...
CVE-2026-45855
CVE-2026-45855 — Linux kernel (ata: libata-scsi) forward progress fix for Non-NCQ starvation Impact: The issue occurred when a host adapter with multiple submission queues faced constant NCQ traffic, potentially starving non-NCQ commands due to requeueing behavior in ata_scsi_qc_issue(). Root cau...
PT-2026-43958
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback check format may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Lab — React Server Components RCE !Dockerh...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React Server Components Pre-Auth RCE "React2...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Input: powermate – fixed a use-after-free in powermateconfigComplete. Syzbot has identified a use-after-free bug 1 in the powermate driver. This occurs when the device is disconnected, causing memory related to the powermatedevic...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: afunix: Fixed a data race around unixtotinflight. unixtotinflight is updated under spinlockunixgclock, but unixreleasesock reads it without locking. We should use READONCE for unixtotinflight. Note that the writer side was...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Analysis Report Sections require...
CLSA-2026-1778890582 curl: Fix of CVE-2026-5545
CVE-2026-5545: wrong reuse of HTTP Negotiate connection; only allow an existing connection to be reused and "upgraded" to NTLM when neither NTLM nor Negotiate authentication is in flight on it...
CLSA-2026-1778889816 curl: Fix of CVE-2026-5545
CVE-2026-5545: wrong reuse of HTTP Negotiate connection; only allow an existing connection to be reused and "upgraded" to NTLM when neither NTLM nor Negotiate authentication is in flight on it...
CVE-2026-42552
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...
CVE-2026-42597
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...
EUVD-2026-30317
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...
CVE-2026-42597
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...