CVE-2026-44316 free5GC: PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...

SUSE CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null pointer check was added in modhdcphdcp1createsession. The function modhdcphdcp1createsession calls the function getfirstactivedisplay, but does not check its return value. If the display list is empty, the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: nuvoton: A error check in npcmvideoeceinit has been fixed. When the functionoffinddevicebynode fails, it returns NULL instead of an error code. Therefore, the corresponding error check logic should be modified to check...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in niusb. If the USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection. This issue w...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: Handling failures in registering sensors with a thermal zone correctly. If an attempt is made to register a sensor with a thermal zone and it fails, the call to devmthermalzoneofsensorregister may return -ENODEV. This c...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null pointer check should be added for getfirstactivedisplay. The function modhdcphdcp1enableencryption calls the function getfirstactivedisplay, but does not check its return value. If the display list is empt...

CVE-2026-42207 Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

GHSA-8P4X-WR7X-3788 python-liquid: Absolute paths escape filesystem loader search path

Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the % include % and % render % tags. Targeted files...

GHSA-JQFC-GWJ5-3W63 free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does not exist in UESubsCollection. The processor checks value, ok :=...

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

GHSA-WR8J-6CHW-GM6P free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The...

Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()`

Summary MageProductAlertAddController::stockAction reads the uenc query parameter and passes it directly to $this-redirectUrl$backUrl without calling $this-isUrlInternal When the supplied productid does not match any catalog product, the server issues an unvalidated HTTP 302 redirect to whatever...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: amt: fixed a possible memory leak in amtrcv If amt receives packets and finds a socket; if it cannot find a socket, it should free the received skb. However, this is not done. As a result, a memory leak could potentially occur...

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and attempts to read a b-tree node by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport portstate before calling done callback In nvmefchandlelsrqstwork, the lsrsp-done callback is only set when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevents dereferencing of a NULL pointer if ATI is not supported. acpievaluateobject may return AENOTFOUND failure, which would allow dereferencing of buffer.pointer obj when buffer.pointer is NULL. Although this...

CVE-2026-31744 PM: EM: Fix NULL pointer dereference when perf domain ID is not found

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found devenergymodelnlgetperfdomainsdoit calls emperfdomaingetbyid but does not check the return value before passing it to emnlgetpdsize. When a caller supplies a...

EUVD-2026-26557

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found devenergymodelnlgetperfdomainsdoit calls emperfdomaingetbyid but does not check the return value before passing it to emnlgetpdsize. When a caller supplies a...

EUVD-2026-24903

In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFSROOTORPHANCLEANUP during subvol create We have recently observed a number of subvolumes with broken dentries. ls-ing the parent dir looks like: drwxrwxrwt 1 root root 16 Jan 23 16:49 . drwxr-xr-x 1 root root 24 Ja...