CVE-2026-35202

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...

Linux Distros Unpatched Vulnerability : CVE-2026-46008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the...

CVE-2026-43215

The CVE-2026-43215 issue affects the Linux kernel CIFS implementation: the code used cifs_tcp_ses_lock to guard tcon fields, but this lock protected more than intended. The patch introduces more granular locking (tc_lock) within tcon-related structures (in addition to srv_lock and ses_lock) to re...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper use of the tcon field in the cifs driver’s locking mechanism. This vulnerability may lead to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. However, these...

UBUNTU-CVE-2026-25612

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect handling of the locking mechanism, which could lead to a race condition...

CVE-2025-40219 PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV

In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Before disabling SR-IOV via config space accesses to the parent PF, sriovdisable first removes the PCI devices representing the VFs. Since commit 9d16947b7583...

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. A security vulnerability exists in ZITADEL versions prior to 4.6.0, prior to 3.4.3, and prior to 2.71.18, which...

EUVD-2018-8094

Malware in sbrugna...

EUVD-2025-22631

Malicious code in bioql PyPI...

EUVD-2025-13118

Malicious code in bioql PyPI...

EUVD-2025-5976

Malicious code in bioql PyPI...

EUVD-2024-53240

Malicious code in bioql PyPI...

can: bcm: add locking for bcm_op runtime updates

...

CVE-2025-38132

In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfgcsdevlock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 perf enable load module cscfgloadconfigsets activate config. // sysfs sysactivecnt == 1...

CVE-2025-38132 coresight: holding cscfg_csdev_lock while removing cscfg from csdev

In the Linux kernel, the following vulnerability has been resolved: coresight: holding cscfgcsdevlock while removing cscfg from csdev There'll be possible race scenario for coresight config: CPU0 CPU1 perf enable load module cscfgloadconfigsets activate config. // sysfs sysactivecnt == 1...

CVE-2022-49998 rxrpc: Fix locking in rxrpc's sendmsg

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: 1 rxrpcnewclientcall should release the socket lock when returning an error from rxrpcgetcallslot. 2 rxrpcwaitfortxwindowintr will return...

CVE-2025-38004

The CVE-2025-38004 entry affects the Linux kernel CAN BCM subsystem. A race allowed by updates to the currframe/count in bcm_can_tx() could enable user-space-triggered modifications from hrtimer context, leading to a KASAN slab-out-of-bounds read. The patch fixes by moving the count variable into...

The vulnerability in the fs/dlm/lock.c module of the Linux kernel’s locking mechanism allows a hacker to trigger a service failure.

The vulnerability in the fs/dlm/lock.c module of the Linux operating system’s locking manager, which involves pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...