Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs pthreadcreate returns a non-zero value during the execution of the createworkerthreads method, the held lock is not released properly. This allows local...

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Locking, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-22735, CVE-2026-22737)

Summary There are vulnerabilities in spring-web-6.2.15.jar, spring-webmvc-6.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22735, CVE-2026-22737. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux...

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Locking (CVE-2026-22735)

Summary There are vulnerabilities in spring-web-6.2.15.jar, spring-webmvc-6.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22735. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are...

Astra Linux - уязвимость в mariadb-10.3

MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dsxbstream.cc, when an error occurs e.g., streamctxt-destfile == NULL while executing the xbstreamopen method, the held lock is not released properly. This allows local users to trigger a...

Astra Linux - уязвимость в linux, linux-5.10

In ipcheckmcrcu of igmp.c, there is a potential use after free due to improper locking. This could lead to a local escalation of privileges when opening and closing inet sockets, without the need for additional execution privileges. User interaction is not required for exploitation. Product:...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In multiple functions of iouring.c, there is a possibility of kernel memory corruption due to improper locking. This could lead to a local escalation of privileges in the kernel, as execution privileges are required. User interaction is not necessary for exploiting this vulnerability...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB Server before version 10.7 is vulnerable to Denial of Service attacks. In the file extra/mariabackup/dscompress.cc, when an error occurs i.e., transitioning to the err label during the execution of the createworkerthreads method, the held lock thd-ctrlmutex is not released properly. This...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In bindervmaclose of binder.c, there is a potential exploit after the free function call due to improper locking. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for this exploitation. Product: Android...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an improper locking sequence in the l2capconndel function, potentially leading to a deadlock...

Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

Siemens SIMATIC S7-1500 Improper Locking (CVE-2025-38058)

In the Linux kernel, the following vulnerability has been resolved: legitimizemnt: check for MNTSYNCUMOUNT should be under mountlock ... or we risk stealing final mntput from sync umount - raising mntcount after umount2 has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-31277link is external Apple Multiple Products Buffer Overflow Vulnerability CVE-2025-32432link is external Craft CMS Code Injection Vulnerability...

Apple Multiple Products Improper Locking Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes...

Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cdd.dll driver...

Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cdd.dll driver...

Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

CVE-2026-20757

Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...

CVE-2026-20757

Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...

CVE-2026-20757

Improper Locking vulnerability CWE-667 in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976MR1, 9.30 prior to vEL9.30.3382 MR4, 9.20 prior to vEL9.20.378...