EUVD-2026-9393

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice Extension:NSFileRepo modules allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This...

CVE-2026-23134

In the Linux kernel, the following vulnerability has been resolved: slab: fix kmallocnolock context check for PREEMPTRT On PREEMPTRT kernels, locallock becomes a sleeping lock. The current check in kmallocnolock only verifies we're not in NMI or hard IRQ context, but misses the case where...

PT-2026-8129

In the Linux kernel, the following vulnerability has been resolved: slab: fix kmalloc nolock context check for PREEMPT RT On PREEMPT RT kernels, local lock becomes a sleeping lock. The current check in kmalloc nolock only verifies we're not in NMI or hard IRQ context, but misses the case where...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from resetting devices within the scope of mutex locks during recovery reset periods, potentially...

CVE-2026-25612

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

SUSE CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that IPv4 address locks are not allocated based on ports, which may lead to race...

GO-2026-4363 Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea...

CVE-2025-71180

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

CVE-2025-71181

In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/listlru: split the lock to per-cgroup scope" into account, and apparently I did not end up...

CVE-2025-71180

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005111)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005111 advisory. In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntlsetlk races with clos...

CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories. Mitigation Mitigation for this issue is either not available or the currently available options do not mee...

EUVD-2026-4264

Gitea does not properly validate repository ownership when deleting Git LFS locks...

Gitea does not properly validate repository ownership when deleting Git LFS locks

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker can remove LFS locks from repositories they do not own by leveraging write access to a...

CVE-2026-20897

Gitea vulnerability CVE-2026-20897: The system does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may delete LFS locks belonging to other repositories, enabling cross-repo access control issues. Related OSV entry GO-2026-4363 co...

PT-2026-4292

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description Gitea does not correctly validate repository ownership during the deletion of Git LFS locks. This allows a user with write access to a repository to potentially delete LFS locks that belong to...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37808)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37808 advisory. - In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of...