CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

CVE-2026-27878

Grafana Tempo is affected by CVE-2026-27878 due to a TraceQL query that uses a large exemplars hint value, which can cause the Tempo instance to allocate excessive memory and crash (out-of-memory) for an authenticated user, enabling a denial of service. The public documents describe the issue and...

CVE-2026-27878 Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Do not use BUGON in hfspluscreateattributesfile. When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplusfillsuper assumes that the attributes file has not yet been...

CVE-2026-46448

A flaw was found in OpenStack Nova. The server creation application programming interface API fails to remove specific hint data, leading to instances being created without proper Placement allocation. This can result in a denial of service, as resources may not be correctly assigned or managed f...

EUVD-2026-37218

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

CVE-2026-46448

OpenStack Nova CVE-2026-46448 affects OpenStack Nova before 33.0.2. The server create API fails to strip certain hint data, resulting in instances with no Placement allocation. Connected sources confirm the impact; no exploitation details are provided in the documents. No remediation/version info...

CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

UBUNTU-CVE-2026-46448

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation...

libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Resets queuepriorityhint when parking Originally, with strict order execution, we could only complete execution when the queue was empty. Preempt-to-busy allows for the replacement of an active request that may...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: enetc: An illegal access occurred when reading the affinityhint parameter. The irqsetaffinityhit function stores a reference to the cpumaskt parameter in the irqdescriptor. This reference can be accessed later from...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: The affinity hint was cleared before calling ath11kpcicfreeirq in the error path. If a shared IRQ is used by the driver due to platform limitations, then the IRQ affinity hint is set correctly after the allocation o...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006894)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006894 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006787 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we...

Cross-site Scripting (XSS)

Overview github.com/ory/hydra/oauth2 is an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errorhint parameter. An attacker can execute arbitrary JavaScript in the context of the user's...