EUVD-2026-38904

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix off-by-one in checkimm signed range check checkimmbits, imm is used in the arm64 BPF JIT to verify that a branch displacement in arm64 instruction units fits into the signed N-bit immediate field of a B, B.cond or...

EUVD-2026-38992

In the Linux kernel, the following vulnerability has been resolved: ublk: reset per-IO canceled flag on each fetch If a ublk server starts recovering devices but dies before issuing fetch commands for all IOs, cancellation of the fetch commands that were successfully issued may never complete. Th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a combination of JIT blinding and pointers to bpf subprogs. The combination of JIT blinding and pointers to bpf subprogs causes the following issue: 36.989548 BUG: Unable to handle a page fault for address:...

PT-2026-48751

Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...

PT-2026-46320

Unauthenticated Local File Inclusion in Geya = 1.15 versions...

PT-2026-46369

Unauthenticated Local File Inclusion in Choreo = 1.6 versions...

PT-2026-46349

Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...

PT-2026-46351

Unauthenticated Local File Inclusion in Abelle = 1.22 versions...

PT-2026-46365

Unauthenticated Local File Inclusion in Snowy = 1.13 versions...

PT-2026-46353

Unauthenticated Local File Inclusion in Preservation = 1.10 versions...

PT-2026-46331

Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...

PT-2026-46360

Unauthenticated Cross Site Scripting XSS in Grand Car Rental = 3.7 versions...

PT-2026-46333

Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...

PT-2026-46339

Unauthenticated Local File Inclusion in Snow Club = 1.1 versions...

EUVD-2026-32251

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

3 SOC Steps that Shut Down Incident Risks Early

Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulat...

NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

GHSA-F76X-F9VJ-92JV NocoDB: Stale Auth Cache After API Token Deletion

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

PT-2026-42622

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

PT-2026-42680

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...