4278 matches found
CVE-2026-23362
In the Linux kernel, the following vulnerability has been resolved: can: bcm: fix locking for bcmop runtime updates Commit c2aba69d0c36 "can: bcm: add locking for bcmop runtime updates" added a locking for some variables that can be modified at runtime when updating the sending bcmop with a new...
CVE-2026-23348
Summary of a Linux kernel CVE (CVE-2026-23348) : The issue is a race condition in the CXL/NVDIMM subsystem where NVDIMM objects reprobe after cxl_acpi removal can occur with the nvdimm_bus object missing, leading to a NULL pointer dereference and potential system crash (DoS). Affected area center...
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects
In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...
CVE-2026-23292
CVE-2026-23292 : Linux kernel scsi: target: Fix recursive locking in __configfs_open_file(). The root cause was target_core_item_dbroot_store() attempting to open the file path (which is the same configfs file already held) using filp_open(), leading to potential nested frag_sem locking. The fix ...
CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...
CVE-2026-23292
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of spinlock initialization in the bcmrxsetup module. This vulnerability may lead to...
Linux Distros Unpatched Vulnerability : CVE-2026-23362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: bcm: fix locking for bcmop runtime updates Commit c2aba69d0c36 can: bcm: add locking for bcmop runtime updates added a locking for some variables that can ...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from recursive locking and may lead to deadlocks...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper locking order, and could lead to deadlocks...
Linux Distros Unpatched Vulnerability : CVE-2026-23292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, i...
Parse Server: MFA recovery code single-use bypass via concurrent requests
Impact An attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and...
GHSA-2299-GHJR-6VJP Parse Server: MFA recovery code single-use bypass via concurrent requests
Impact An attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and...
Siemens SIMATIC S7-1500 Improper Locking (CVE-2025-38058)
In the Linux kernel, the following vulnerability has been resolved: legitimizemnt: check for MNTSYNCUMOUNT should be under mountlock ... or we risk stealing final mntput from sync umount - raising mntcount after umount2 has verified that victim is not busy, but before it has set MNTSYNCUMOUNT; in...
Nexxt Solutions Nebula 300+ 安全漏洞
The Nexxt Solutions Nebula 300+ is a wireless router produced by the Nexxt Solutions company in the United States. Versions of the Nebula 300+ with the software version 12.01.01.37 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of rate limits on the...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-31277link is external Apple Multiple Products Buffer Overflow Vulnerability CVE-2025-32432link is external Craft CMS Code Injection Vulnerability...
Apple Multiple Products Improper Locking Vulnerability
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes...
ROS-20260313-73-0012
A vulnerability in the crostypecaltmodework function of the Linux operating system kernel is related to insufficient resource locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
EUVD-2026-10920
Sylius has a Promotion Usage Limit Bypass via Race Condition...
ROS-20260311-73-0006
A vulnerability in the internal locking mechanism of the MongoDB database management system is related to locking with unrestricted external access. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...