Pi-hole Reflected XSS in 404-Error Page

Pi-hole Admin Interface = 6.2.1 contains a reflected XSS vulnerability on the 404 error page. The URL path is reflected unsanitized into the class attribute of the body tag, allowing attribute injection via a crafted URL to execute arbitrary JavaScript in victim browsers. id: CVE-2025-53533 info:...

SUSE CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

SUSE CVE-2026-46013

In the Linux kernel, the following vulnerability has been resolved: mm/memfdluo: fix physical address conversion in putfolios cleanup In memfdluoretrievefolios's putfolios cleanup path: 1. khorestorefolio expects a physaddrt physical address but receives a raw PFN pfolio-pfn. This causes...

CVE-2026-46013

A flaw was found in the Linux kernel. An issue in the memfdluo component, specifically within the putfolios cleanup path of memfdluoretrievefolios, leads to incorrect physical address conversion and a missing check for sparse file holes. This could result in incorrect memory handling, potentially...

CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

UBUNTU-CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

CVE-2026-45912

The CVE-2026-45912 issue affects the Linux kernel ext4 path: during split of an unwritten extent, ext4_split_extent_at() truncates and inserts a new extent while the extent status tree may temporarily reflect a hole if ext4_find_extent() or ext4_cache_extents() are invoked. This can leave a stale...

CVE-2026-45912 ext4: don't cache extent during splitting extent

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

PT-2026-43779

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: Fixed races between hole punching and AIO+DIO. After the commit “ocfs2: return real error code in ocfs2diowrgetblock”, fstests/generic/300 now sometimes fail instead of always failing...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: actskbmod: prevent kernel-infoleak The syzbot discovered that tcfskbmoddump was copying four bytes from the kernel stack to user space 1. The issue here is that ‘struct tcskbmod’ has a four-byte hole. We need to cle...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Make sure the first directory block is not a hole. The syzbot constructs a directory that has no dirblock, but it is not inline; in other words, the first directory block is a hole. No errors are reported when creating file...

CVE-2026-41489

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

CVE-2026-41489

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

CVE-2026-41489

Pi-hole (6.0 through before Core 6.4.2 and FTL 6.6.1) is vulnerable because two systemd-executed root scripts (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from a config without validation and perform privileged file operations using that path. An attacker with pihol...

CVE-2026-41489 Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

EUVD-2026-29295

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

CVE-2026-41489 Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

Pi-hole 安全漏洞

Pi-hole is a web-level advertising blocking application developed by Pi-hole Inc. Versions of Pi-hole from 6.0 to 6.4.2, as well as FTL 6.6.1, contained security vulnerabilities. These vulnerabilities stemmed from shell scripts that failed to validate the files.pid path read from configuration...

PT-2026-39836

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...