15 matches found

Cvelist
added 2026/05/28 9:36 a.m., 24 views

CVE-2026-46150 fanotify: fix false positive on permission events

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events. fsnotify_get_mark_safe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

7.1 CVSS, 0.00014 EPSS
Exploits: 0, References: 8
ATTACKERKB
added 2026/03/12 6:13 p.m., 3 views

CVE-2026-32230

Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query...

5.3 CVSS, 5.8 AI score, 0.00782 EPSS
Exploits: 1, References: 6, Affected Software: 1
Github Security Blog
added 2026/03/12 2:47 p.m., 5 views

Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page

Summary: The GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query before returning data. The ping endpoint skips this check entirely,...

5.3 CVSS, 5.9 AI score, 0.00782 EPSS
Exploits: 1, References: 7, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-44931

Malicious code in bioql PyPI...

5.5 CVSS, 6.1 AI score, 0.00047 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2024/12/04 12:56 a.m., 3 views

kernel: ext4: correct grp validation in ext4_mb_good_group

A NULL pointer dereference vulnerability was found in the ext4 filesystem in the Linux kernel. In ext4_mb_good_group, the group corruption check accesses the grp structure memory before verifying that grp is not NULL. If grp is NULL, this leads to a kernel crash. The fix adds a NULL check before...

5.7 AI score, 0.0004 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2024/11/12 9:11 a.m., 2 views

kernel: ext4: correct grp validation in ext4_mb_good_group

A NULL pointer dereference vulnerability was found in the ext4 filesystem in the Linux kernel. In ext4_mb_good_group, the group corruption check accesses the grp structure memory before verifying that grp is not NULL. If grp is NULL, this leads to a kernel crash. The fix adds a NULL check before...

5.7 AI score, 0.0004 EPSS
Exploits: 0, References: 5
OSV
added 2023/08/14 6:15 p.m., 2 views

DEBIAN-CVE-2023-40360

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled...

5.5 CVSS, 6.3 AI score, 0.00047 EPSS
Exploits: 1, References: 1
ATTACKERKB
added 2023/08/14 6:15 p.m., 1 views

CVE-2023-40360

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled...

5.5 CVSS, 6.5 AI score, 0.00047 EPSS
Exploits: 1, References: 5
Veracode
added 2023/08/10 9:35 a.m., 10 views

Weak Cryptography

github.com/supranational/blst is vulnerable to Weak Cryptography. The vulnerability exists due to logic errors in SigValidate function which results in group-check omission...

6.8 AI score
Exploits: 0
Github Security Blog
added 2023/08/09 8:57 p.m., 21 views

Blst has logical error in SigValidate in Go bindings

Impact: Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...

6.6 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2023/08/09 8:57 p.m., 21 views

GHSA-8C37-7QX3-4C4P Blst has logical error in SigValidate in Go bindings

Impact: Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...

6.8 AI score
Exploits: 0, References: 4
RedHat Linux
added 2022/08/31 4:58 p.m., 2 views

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

5.3 CVSS, 6.6 AI score, 0.00182 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2022/08/01 11:18 a.m., 2 views

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

5.3 CVSS, 6.6 AI score, 0.00182 EPSS
Exploits: 1, References: 5
RedHat Linux
added 2022/06/30 9:0 p.m., 2 views

golang: syscall: faccessat checks wrong group

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability...

5.3 CVSS, 6.6 AI score, 0.00182 EPSS
Exploits: 1, References: 5
Veracode
added 2019/07/18 3:41 a.m., 16 views

Improper Access Control

moodle is vulnerable to Improper Access Control. The library lacks accessible group check, thus allowing teachers in a quiz group to modify group overrides for other groups in the same quiz...

4.3 CVSS, 4.9 AI score, 0.00156 EPSS
Exploits: 0, References: 5, Affected Software: 1