97 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: - usb: dwc2: gadget: Fixed the mismatch between spinlock and unlock calls in dwc2hsotgudcstop. - dwc2gadgetexitclockgating internally calls the callgadget macro. This macro expects hsotg-lock to be held since it performs...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fixed an SError in ufshcdrtcwork during UFS suspend. In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work. However, this function is called after ufshcdvopssuspendhba, pmop, POSTCHANGE...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLKISCRITICAL. The AXI crossbar of TH1520 does not have a proper timeout handling mechanism, which means that gateing AXI clocks can easily lead to bus timeouts and thus cause the syst...
SAGE: Scalable Automatic Gating Ensemble for Confident Negative Harvesting in Fraud Detection
Music streaming fraud, where bad actors artificially inflate stream counts to manipulate chart rankings and royalty payments, poses a significant threat to streaming services and legitimate content creators. Traditional fraud detection approaches struggle with a critical challenge: many legitimat...
SUSE CVE-2026-43415
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...
UBUNTU-CVE-2026-43415
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...
CVE-2026-43415
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities arise from the sticky mode of the NIX SQ manager in the octeontx2-af driver, which causes...
Flight vulnerable to sensitive information disclosure via default error handler
Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...
CVE-2026-44118 OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header
OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the derivation of a loopback MCP owner context from a server-issued bearer token that can be spoofed in the request header, which can be exploited by an attacke...
PT-2026-37051
CVE-2026-42313 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set config value API method @permissionPerms.SETTINGS in src/p… https://t.co/8rZNAbQm5s...
CVE-2026-31756
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
CVE-2026-31756
Technical details about CVE-2026-31756 are not publicly provided in the connected documents. Monitor for updates from vendors and advisories to confirm affected products, impact, and fixes.
CVE-2026-31756
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
CVE-2026-31756 usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
EUVD-2026-26569
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
PT-2026-36391
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A spin lock/unlock mismatch exists in the dwc2 hsotg udc stop function. The dwc2 gadget exit clock gating function internally utilizes the call gadget macro, which requires hsotg-lock to...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the usb dwc2 gadget driver calling dwc2gadgetexitclockgating without holding a lock in the dwc2hsotgudcstop...
CVE-2026-2892
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...