EUVD-2026-37856

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

CVE-2026-4301

The CVE-2026-4301 entry documents a vulnerability in the WordPress plugin Rate Star Review Vote (versions up to 1.6.4). The vwrsr_review() AJAX handler lacks proper capability checks and nonce verification, relying only on is_user_logged_in(). When form is set to 'update', an attacker-supplied ra...

PT-2026-39948

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr review AJAX handler lacks both capability checks and nonce verification. The only access control is an is user logged in...

SUSE CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

EUVD-2026-27666

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43271

CVE-2026-43271 involves the Linux kernel md-cluster module where a race during MD array startup can cause a NULL pointer dereference in process_metadata_update when a METADATA_UPDATED message arrives before mddev->thread is initialized. The root cause is the code path that dereferences the thr...

CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43271 md-cluster: fix NULL pointer dereference in process_metadata_update

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via rcudereferenceprotected within the waitevent macro. While the code commen...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the processmetadataupdate function in the md-cluster module. This function derefreshes a null...

PT-2026-37611

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the process metadata update function. During the MD array startup sequence md run, a race condition occurs where the cluster recv thread is active an...

Linux Distros Unpatched Vulnerability : CVE-2026-43271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md-cluster: fix NULL pointer dereference in processmetadataupdate The function processmetadataupdate blindly dereferences the 'thread' pointer acquired via...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fixed the issue to cover normal cluster writes using cprwsem. When we overwrite a compressed cluster with a normal cluster, we should not unlock cprwsem during f2fswriterawpages. Otherwise, data will be corrupted ...

Vulnerabilities fixed in Cisco Nexus Dashboard and Nexus Dashboard Insights

Cisco has fixed vulnerabilities in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The first vulnerability involves incorrect input validation of specific HTTP requests in Cisco Nexus Dashboard and Nexus Dashboard Insights. This allows unauthenticated remote attackers to perform...

EUVD-2026-17957

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...

CVE-2026-20174

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...

CVE-2026-20174

Cisco Nexus Dashboard Insights metadata update feature is vulnerable to arbitrary file write. The issue arises from insufficient validation of the metadata update file, allowing an authenticated attacker with admin credentials to craft a metadata update file and upload it to an affected device, p...

CVE-2026-20174 Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...

CVE-2026-20174 Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this...