3537 matches found
CVE-2026-45807
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...
CVE-2026-53297 net: mana: Guard mana_remove against double invocation
In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard manaremove against double invocation If PM resume fails e.g., manaattach returns an error, manaprobe calls manaremove, which tears down the device and sets gd-gdmacontext = NULL and gd-driverdata = NULL. However,...
curl: ssh_config_matches is dead code: unauthorized SSH key reuse
Summary libcurl's SSH connection-reuse guard sshconfigmatches — added for CVE-2022-27782 and reaffirmed by CVE-2023-27538 — is dead code in every release since 7.83.1. It compares sshc-rsa / sshc-rsapub between a new transfer "needle" and a pooled connection, but on both sides those pointers are...
CVE-2026-55667
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...
CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint
Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...
CVE-2026-55667
File Browser CVE-2026-55667 allows a scoped, non-admin user with only Create permission to delete files outside their scope during failed-upload cleanup. The issue stems from ScopedFs.RemoveAll bypassing the symlink guard that other methods enforce, with the direct-upload cleanup path invoking Re...
CVE-2026-53269
In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...
CVE-2026-53178
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...
UBUNTU-CVE-2026-53271
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...
CVE-2026-53235
In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...
CVE-2026-53235
Summary of technical details (CVE-2026-53235) : The Linux kernel GRO receive path had a bug in skb_gro_receive_list() where skb_pull(skb, skb_gro_offset(skb)) could run without ensuring the data is linear (missing pskb_may_pull() guard). When packets arrive via napi_gro_frags(), skb_headlen can b...
CVE-2026-53235 net: add pskb_may_pull() to skb_gro_receive_list()
In the Linux kernel, the following vulnerability has been resolved: net: add pskbmaypull to skbgroreceivelist skbgroreceivelist calls skbpullskb, skbgrooffsetskb without first ensuring the data is in the linear area via pskbmaypull. When the skb arrives via napigrofrags, skbheadlen can be 0 all...
EUVD-2026-38833
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...
CVE-2026-53048
The CVE concerns the Linux kernel gfs2 subsystem. During unmount, gfs2_log_flush() could dereference sdp->sd_jdesc when it had already been deallocated, leading to a NULL pointer dereference. A prior commit (35264909e9d1) added a NULL check in gfs2_log_flush(), but the dereference in gfs2_log_...
CVE-2026-53032 bpf: Fix NULL deref in map_kptr_match_type for scalar regs
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL deref in mapkptrmatchtype for scalar regs Commit ab6c637ad027 "bpf: Fix a bpfkptrxchg issue with local kptr" refactored mapkptrmatchtype to branch on btfiskernel before checking basetype. A scalar register stored in...
CVE-2026-52965
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...
CVE-2026-52965 drm/ttm: Fix ttm_bo_swapout() infinite LRU walk on swapout failure
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: - svcrdma: The bound check of rqpages index in the inline path. - svcrdmacopyInlineRange: Indexing rqstp-rqpagesrccurpage without verifying that rccurpage remains within the allocated page array. Add guards before the first us...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: accel/ivpu: Fixed a race condition when unbinding BOs. Fixed a warning stating “Memory manager not cleaned during takedown” that occurs when ivpugembofree removes a BO from the BOs list before it is unmapped. This issue caused...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys – prevented overflow in asymmetrickeygenerateid. Use checkaddoverflow to prevent potential integer overflows when adding the lengths of binary blobs and the size of an asymmetrickeyid structure. Return...