CVE-2026-50021

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

EUVD-2026-39489

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

CVE-2026-50573

CVE-2026-50573 affects the pnpm package manager. Before versions 10.34.0 and 11.4.0, when running pnpm install in non-frozen mode, a package with an existing lockfile integrity can be updated if the registry serves different metadata/tarball content for the same package version. The initial integ...

CVE-2026-50573 pnpm: Unsafe default behavior breaks integrity check

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

CVE-2026-50021

pnpm prior to versions 10.34.0 and 11.4.0 is vulnerable to an integrity check bypass when the lockfile lacks an integrity field. If an attacker can modify pnpm-lock.yaml to remove the integrity: field and serve altered package content from the registry, running pnpm install --frozen-lockfile may ...

CVE-2026-50021 pnpm: Integrity Check Bypass via Missing Lockfile Integrity Field

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Binder: Fixed a UAF in bindersnetlinkreport. Oneway transactions sent to frozen targets via bindersproctransaction return an BRTRANSACTIONPENDINGFROZEN error, but they are still treated as successful since the target is expected ...

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the...

Linux Distros Unpatched Vulnerability : CVE-2026-45927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and...

SUSE CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

SUSE CVE-2026-46035

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: return NULL early from allocfrozenpagesnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is already held. As a result, allocfrozenpagesnolock calle...

EUVD-2026-32393

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-46035

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: return NULL early from allocfrozenpagesnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is already held. As a result, allocfrozenpagesnolock calle...

CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-46035

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: return NULL early from allocfrozenpagesnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is already held. As a result, allocfrozenpagesnolock calle...

CVE-2026-45927

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

CVE-2026-45927

The CVE-2026-45927 issue affects the Linux kernel BPF subsystem. bpf_map_get_info_by_fd caches the hash of a map regardless of its frozen state, enabling a TOCTOU where a trusted loader could compare an older hash after a map is modified but before freezing. The fix returns -EPERM when the hash i...

CVE-2026-45927 bpf: Require frozen map for calculating map hash

In the Linux kernel, the following vulnerability has been resolved: bpf: Require frozen map for calculating map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map regardless of the map's frozen state. This leads to a TOCTOU bug where userspace can call BPFOBJGETINFOBYFD t...

PT-2026-43794

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Time-of-Check to Time-of-Use TOCTOU issue exists where the bpf map get info by fd function calculates and caches the hash of a map regardless of whether the map is frozen. This allows...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from bpfmapgetinfobyfd function in bpf. This function does not check the frozen state of maps during t...