Lucene search

208 matches found

SUSE CVE
added 6 days ago, 6 views

SUSE CVE-2026-46181

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash...

AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 3
SUSE CVE
added 2026/05/28 3:56 a.m., 5 views

SUSE CVE-2026-45929

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpn_net_xmit When building the skb_list in ovpn_net_xmit, skb_share_check will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 3
Positive Technologies
added 2026/05/27 12:0 a.m., 2 views

PT-2026-43724

In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up dereferencing the null pointer rn via the use of the macro CSIO_INC_STATS. Fix this by adding a new error return path label after the us...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 9
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Prevent the connection from being released during the oplock break notification. The ksmbd_work object can be freed after the connection is released. Increase the value of r_count for ksmbd_conn to indicate that the requests...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00017
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 9 views

Astra Linux - vulnerability in nasm

There is a use-after-free in asm/preproc.c function pp_getline in Netwide Assembler NASM 2.14rc16, which will cause a denial of service during a line-number increment attempt...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00131
Exploits: 1, References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Added an increment to the count field in struct trip_stats, which represents the number of times the zone’s temperature exceeded the trip point. This increment must be performed in thermal_debug_tz_trip_up, for two...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00032
Exploits: 0, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in gnupg2

In GnuPG before version 2.4.9, the armor_filter function in g10/armor.c had two increments of an index variable, where only one was intended. This led to an out-of-bounds write vulnerability with crafted inputs. This issue has been fixed in ExtendedLTS versions, 2.2.51 and later...

CVSS: 7.8, AI score: 6.6, EPSS: 0.00016
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/siw: Fixed a refcounting leak in siw_create_qp. The atomic_inc function needs to be paired with an atomic_dec function in the error handling path...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00045
Exploits: 0, References: 2
GithubExploit
added 2026/05/13 8:56 p.m., 138 views

Exploit for CVE-2026-40369

CVE-2026-40369: Arbitrary Kernel Address Increment via NtQuery...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00014
Exploits: 3
OSV
added 2026/05/07 9:23 p.m., 1 views

GHSA-PJ6Q-4VQ4-R8CG Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count

Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the fav_count counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...

CVSS: 6.5, AI score: 5.8
Exploits: 0, References: 3
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dm cache: Fixed an issue where out-of-bounds access to the dirty bitset occurred during resizing. The dm-cache checks the dirty bits of the cache blocks that need to be dropped when shrinking the fast device. However, an indexing...

CVSS: 7.1, AI score: 6.1, EPSS: 0.00016
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0 Call Trace:...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00017
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/21 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012961)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012961 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from raw to noinc regmap functions for FIFO The SC16IS7XX IC supports ...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00022
Exploits: 0, References: 3
SUSE CVE
added 2026/03/28 12:25 a.m., 1 views

SUSE CVE-2026-33536

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds...

CVSS: 5, AI score: 6, EPSS: 0.00007
Exploits: 0, References: 8
UbuntuCve
added 2026/03/26 8:16 p.m., 2 views

CVE-2026-33536

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds...

CVSS: 5.1, AI score: 6, EPSS: 0.00007
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 2:59 p.m., 1 views

CVE-2026-31856

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

CVSS: 9.8, AI score: 6, EPSS: 0.00042
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 2:59 p.m., 1 views

CVE-2026-31871

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...

CVSS: 9.8, AI score: 6, EPSS: 0.00042
Exploits: 0, References: 1
OSV
added 2026/03/13 12:28 p.m., 2 views

BIT-PARSE-2026-31871 Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...

CVSS: 9.8, AI score: 6, EPSS: 0.00042
Exploits: 0, References: 4
OSV
added 2026/03/13 12:28 p.m., 2 views

BIT-PARSE-2026-31856 Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00042
Exploits: 0, References: 4
NVD
added 2026/03/11 6:16 p.m., 2 views

CVE-2026-31856

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

CVSS: 9.8, EPSS: 0.00042
Exploits: 0, References: 3