248 matches found

RedhatCVE
added 2026/05/27 11:57 p.m. | 3 views

CVE-2026-45948

A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs in the ext4_ext_shift_extents function, where a memory leak can happen if the function returns prematurely without releasing a previously obtained path. A local attacker could potentially exploit this to cause a denial...

CVSS 5.5 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/27 9:42 p.m. | 4 views

CVE-2026-45995

A flaw was found in the Linux kernel's io_uring/zcrx subsystem. This use-after-free (UAF) vulnerability occurs because the io_free_rbuf_ring function uses a struct user_struct that is prematurely freed by io_zcrx_ifq_free before the ring is destroyed. A local attacker could potentially exploit this flaw to...

AI score 6 | EPSS 0.00024
Exploits: 0 | References: 4

RedHat Linux
added 2026/05/26 5:17 a.m. | 5 views

Squid: Squid: Denial of Service via crafted ICP traffic

A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP (Internet Cache Protocol) traffic. This can lead to a Denial of Service (DoS) due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...

CVSS 8.7 | AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 7

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: The erroneous “put” operation has been removed from the error path. The drm_gem_shmem_mmap function does not have a reference in the error code path, resulting in the dma-buf shmem GEM object being freed...

CVSS 7.8 | AI score 6.2 | EPSS 0.00064
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: locking/ww_mutex/test: Fixed potential corruption of the workqueue. In some cases, when running with the test-ww_mutex code, I observed odd behaviors where, sometimes, flush_workqueue seemed to return before all work threads had...

CVSS 7.8 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in qtbase-opensource-src

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code that makes security-related decisions regarding established connections may execute prematurely, because the encrypted signal has not yet been...

CVSS 8.6 | AI score 7.3 | EPSS 0.00205
Exploits: 0 | References: 2

NVD
added 2026/05/19 10:16 p.m. | 7 views

CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...

CVSS 10 | EPSS 0.00091
Exploits: 1 | References: 2

EUVD
added 2026/05/19 9:3 p.m. | 5 views

EUVD-2026-30984

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...

CVSS 10 | AI score 6.2 | EPSS 0.00091
Exploits: 1 | References: 2

Vulnrichment
added 2026/05/19 9:3 p.m. | 6 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...

CVSS 10 | AI score 6.2 | EPSS 0.00091
Exploits: 1 | References: 2

CVE
added 2026/05/19 9:3 p.m. | 17 views

CVE-2026-34234

CVE-2026-34234 affects CtrlPanel (open-source hosting-provider billing) versions up to 1.1.1. The web installer at public/installer/index.php executes form handlers before install.lock gating and uses unsanitized user input in shell commands, enabling unauthenticated RCE. A PoC demonstrates a cra...

CVSS 10 | AI score 6.2 | EPSS 0.00091
In wild | Exploits: 1 | References: 2

Positive Technologies
added 2026/05/19 12:0 a.m. | 6 views

PT-2026-42016

Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: The web-based installer at the endpoint "public/installer/index.php" allows unauthenticated Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a remote machine. The...

CVSS 10 | AI score 6.2 | EPSS 0.00091
Exploits: 1 | References: 5

OSV
added 2026/05/08 2:16 p.m. | 3 views

UBUNTU-CVE-2026-43332

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path. If thermal_zone_device_register_with_trips fails after registering a thermal zone device, it needs to wait for the tz->removal completion like thermal_zone_device_unregister, ...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 8

CNNVD
added 2026/05/06 12:0 a.m. | 2 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from premature fence selection and improper reference management in the amdgpu_gem_va_ioctl function. Thi...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 2

Snyk
added 2026/05/05 6:33 p.m. | 5 views

Incorrect Behavior Order

Overview: Affected versions of this package are vulnerable to Incorrect Behavior Order due to a write operation to the session storage backend occurring before authentication. An attacker can exhaust storage resources by sending unauthenticated requests. Remediation: Upgrade horizon to version 25.7...

CVSS 6.9 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 2

RedhatCVE
added 2026/05/05 3:8 p.m. | 3 views

CVE-2026-6357

A flaw was found in pip. Prior to version 26.1, pip's self-update check functionality would execute after installing wheel packages. This process involved importing newly installed Python modules. A malicious actor could craft a specially designed wheel package that, when installed, could lead to...

CVSS 5.8 | AI score 6.1 | EPSS 0.00017
Exploits: 0 | References: 5

CNNVD
added 2026/05/01 12:0 a.m. | 2 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from race conditions during the process of removing and reverting hot zones. This vulnerability may le...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1

Microsoft CVE
added 2026/04/30 8:9 a.m. | 2 views

net: openvswitch: Avoid releasing netdev before teardown completes

...

CVSS 7.8 | AI score 5.8 | EPSS 0.00017
Exploits: 0

Tenable Nessus
added 2026/04/25 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-31680

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ipv6: flowlabel: defer exclusive option free until RCU teardown. ip6fl_seq_show walks the global flowlabel hash under the seq-file RCU read-side lock and prin...

CVSS 7.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/24 6:17 p.m. | 1 view

CVE-2026-31573

A flaw was found in the Linux kernel's verisilicon hantrovpu media driver. When the driver is built as a module, a misuse of the __initconst annotation causes data to be prematurely freed. This freed memory is later accessed during driver probing or unbind-bind cycles, leading to a kernel panic and...

CVSS 5.5 | AI score 5.3 | EPSS 0.00017
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/24 5:56 p.m. | 1 view

CVE-2026-31566

A flaw was found in the Linux kernel's AMD GPU (amdgpu) driver. An issue in the amdgpu_amdkfd_submit_ib function allows a local user to trigger a use-after-free vulnerability. This occurs because a fence reference is incorrectly released before waiting for job completion, potentially freeing the memor...

CVSS 7.8 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 4