CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab-objexts always When memory allocation profiling is disabled at runtime or due to an error, shutdownmemprofiling is called: slab-objexts which previously allocated remains. It won't be cleared by...

UBUNTU-CVE-2026-23219

In the Linux kernel, the following vulnerability has been resolved: mm/slab: Add alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be noticed: 3959.023862 ------------ cut here ------------ 3959.023891 alloctag was not clear...

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

PT-2026-3235

Apache bRPC and Affected Versions Apache bRPC versions prior to 1.15.0 Description Apache bRPC contains a remote command injection flaw in the heap profiler built-in service. The /pprof/heap endpoint does not properly validate the extra options parameter, allowing attackers to execute arbitrary...

Exploiting Timing Side-Channels in Quantum Circuits Simulation Via ML-Based Methods

As quantum computing advances, quantum circuit simulators serve as critical tools to bridge the current gap caused by limited quantum hardware availability. These simulators are typically deployed on cloud platforms, where users submit proprietary circuit designs for simulation. In this work, we...

CVE-2025-38517

In the Linux kernel, the following vulnerability has been resolved: lib/alloctag: do not acquire non-existent lock in alloctagtopusers alloctagtopusers attempts to lock alloctagcttype-modlock even when the alloctagcttype is not allocated because: 1 alloc tagging is disabled because mem profiling ...

CVE-2025-38517

In the Linux kernel, the following vulnerability has been resolved: lib/alloctag: do not acquire non-existent lock in alloctagtopusers alloctagtopusers attempts to lock alloctagcttype-modlock even when the alloctagcttype is not allocated because: 1 alloc tagging is disabled because mem profiling ...

Linux Distros Unpatched Vulnerability : CVE-2025-37908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab-objexts always When memory allocation profiling is disabled at runti...

SUSE-SU-2025:02121-1 Security update for helm

This update for helm fixes the following issues: Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username password for login 5b9e2f6 Terry Howe Update pkg/registry/transport.go 2782412 Terry Howe Update pkg/registry/transport.go...

CVE-2025-38076

CVE-2025-38076 concerns the Linux kernel vulnerability related to module unloading and allocation tags. The issue arises from a use-after-free risk when memory containing a module’s allocation tags remains alive after unloading, because percpu counters referenced by those tags could be freed by f...

SUSE CVE-2025-37908

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab-objexts always When memory allocation profiling is disabled at runtime or due to an error, shutdownmemprofiling is called: slab-objexts which previously allocated remains. It won't be cleared by...

DEBIAN-CVE-2025-37908

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab-objexts always When memory allocation profiling is disabled at runtime or due to an error, shutdownmemprofiling is called: slab-objexts which previously allocated remains. It won't be cleared by...

UBUNTU-CVE-2025-37908

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab-objexts always When memory allocation profiling is disabled at runtime or due to an error, shutdownmemprofiling is called: slab-objexts which previously allocated remains. It won't be cleared by...

CVE-2025-37908 mm, slab: clean up slab->obj_exts always

In the Linux kernel, the following vulnerability has been resolved: mm, slab: clean up slab-objexts always When memory allocation profiling is disabled at runtime or due to an error, shutdownmemprofiling is called: slab-objexts which previously allocated remains. It won't be cleared by...

CVE-2025-37908

The CVE-2025-37908 issue affects the Linux kernel’s memory allocator slab subsystem. Root cause: slab->obj_exts was not reliably cleared during unaccount_slab() when mem_alloc_profiling_enabled() is false, allowing residual allocations to persist after shutdown_mem_profiling(). This can trigge...