The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests
The right-wing think tank is actively pushing “civil terrorism”—increasing penalties for minor crimes committed while people engage in constitutionally protected free speech...
CVE-2026-44075 Missing break in DSI OpenSession
A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Misc: ocxl: Fixed a possible double-free in ocxl_file_register_afu. The info_release function will be called in device_unregister when the reference count of info->dev is 0. Therefore, there is no need to call ocxl_afu_put and kfree agai...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: The blk_alloc_ext_minor function fixes the issue where the maximum minor value is blk_alloc_ext_minor. The ida_alloc_range(..., min, max, ...) function returns values ranging from min to max, including both endpoints. Therefore, NR_EXT_DEVT is...
Astra Linux - vulnerability in linux
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration. Multiple tty devices attempt to claim the same minor number, resulting in a double unregistration of the same device. The first unregistration succeeds, but the next...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: serial: liteuart: fix minor-number leak on probe errors. Be sure to release the allocated minor number before returning on probe errors...
SUSE CVE-2026-6476
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
ALPINE-CVE-2026-6476
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
UBUNTU-CVE-2026-6476
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
CVE-2026-6638
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
CVE-2026-6476 PostgreSQL pg_createsubscriber allows SQL injection via subscription name
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device. The device minor should not be cleared after the device is released...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors. misc_minor_alloc was allocating id using ida for minor only in case of MISC_DYNAMIC_MINOR but misc_minor_free was always freeing ids using ida_free causing a mismatch a...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: uio: Fixed a use-after-free in uio_open. core-1 | core-2: uio_unregister_device | uio_open; idev = idr_find(); device_unregister(&idev->dev); put_device(&idev->dev); uio_device_release...
Roblox clamps down on chats and age checks as legal pressure builds
Roblox has long faced criticism over child safety on its platform. Now it has started settling with state attorneys over the issue, and the total is climbing fast. On April 21, Alabama Attorney General Steve Marshall announced a $12.2 million settlement with the child-focused online gaming...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011317)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011317 advisory. In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device. The device minor should not be cleared after the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013057)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013057 advisory. In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device. The device minor should not be cleared after the...
JLSEC-2026-51
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...