1289 matches found
CVE-2026-53123
The CVE relates to the Linux kernel md subsystem during raid456 reshape. If a direct IO operation crosses the reshape boundary, raid5_make_request() can sleep while an active_io reference is held. If userspace freezes reshape and triggers mddev_suspend(), the code kills active_io and waits for in...
CVE-2026-53123 md: wake raid456 reshape waiters before suspend
In the Linux kernel, the following vulnerability has been resolved: md: wake raid456 reshape waiters before suspend During raid456 reshape, direct IO across the reshape position can sleep in raid5makerequest waiting for reshape progress while still holding an activeio reference. If userspace then...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: md: fixed rcu protection in mdwakeupthread We attempted to use RCU to protect the pointer “thread”, but passed the value directly when calling mdwakeupthread. This means that the RCU pointer was acquired before rcureadlock was...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: md-cluster: fixed NULL pointer dereferencing in processmetadataupdate. The function processmetadataupdate blindly dereferences the ‘thread’ pointer acquired via rcudereferenceprotected within the waitevent macro. While the code...
CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...
PT-2026-52019
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the Linux kernel when the value "clear" is written to the array state variable. The md attr store function breaks sysfs active protection to allow an array to delete...
PT-2026-52017
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur during a raid456 reshape process. Direct IO across the reshape position may sleep in the raid5 make request function while waiting for reshape progress and holding a...
EUVD-2026-38366
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...
httpd: mod_md: unrestricted OCSP response leads to resource exhaustion
A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...
httpd: mod_md: unrestricted OCSP response leads to resource exhaustion
A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...
kernel: md/bitmap: fix GPF in write_page caused by resize race
A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
kernel: md/bitmap: fix GPF in write_page caused by resize race
A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-46492
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
CVE-2026-46327
In the Linux kernel dm subsystem, the vulnerability centers on dm_blk_report_zones checking for suspended state without holding locks, allowing a race where the device may be suspended immediately after the check. The fix moves the dm_suspended_md check to occur after dm_get_live_table, ensuring ...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...