CVE-2026-46052

The CVE-2026-46052 issue concerns the Linux kernel Ceph filesystem where a negative dentry that is already hashed can be re-added to the dcache, corrupting the d_hash bucket and leading to an RCU stall or system hang. The root cause is that d_add() can rehash and reinstate a dentry that is alread...

CVE-2026-46052

In the Linux kernel, the following vulnerability has been resolved: ceph: only dadd negative dentries when they are unhashed Ceph can call dadddentry, NULL on a negative dentry that is already present in the primary dcache hash. In the current VFS that is not safe. dadd goes through dadd to...

Security Bulletin: IBM z/TPF Development is affected by multiple vulnerabilities reported in the axios package

Summary Multiple vulnerabilities were identified in the open-source package axios version 1.15.0, which provides the HTTPS/HTTP client used by the extension. Fixes for these vulnerabilities were made available in axios version 1.15.2. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios ...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...

CVE-2026-45937 crypto: inside-secure/eip93 - fix kernel panic in driver detach

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator...

CVE-2026-45937

CVE-2026-45937 concerns the Linux kernel in the crypto: inside-secure/eip93 driver, where during driver detach the same hash algorithm could be unregistered multiple times due to a faulty iterator, leading to a kernel panic. The vulnerability is addressed by a kernel fix described as “fix kernel ...

CVE-2026-45937

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator...

CVE-2026-45934

CVE-2026-45934 – Linux kernel/Btrfs issue : A vulnerability in Btrfs chunk allocation caused an EEXIST abort when non-consecutive gaps appeared during forced DUP chunk allocations, leading to a transaction abort with “Object already exists.” The problem manifests in btrfs_create_pending_block_gro...

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

CVE-2026-45854 crypto: inside-secure/eip93 - unregister only available algorithm

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis...

CVE-2026-45854

CVE-2026-45854 – Linux kernel crypto: inside-secure/eip93 The issue concerns the EIP93 option register, which indicates which crypto algorithms are implemented in silicon. The kernel previously unregisters all algorithms based on this register, including those not supported by hardware, which cou...

CVE-2026-45854

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis...

3 SOC Steps that Shut Down Incident Risks Early

Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulat...

Hunting-Bugs

2026 Practical Bug Bounty Guide Built on real-world experie...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

Improper Verification of Cryptographic Signature

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the webhook request parser. The validateSignature method extracts the...

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.17.0 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation April 2026 security fixes update this dependency beyond 4.17.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...

PHANTOM

PHANTOM Autonomous Penetration Testing Framework Recon -...