Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation in the HTTPUEContextTransfer process when an unsupported Content-Type is received. An attacker can cause the processor to operate on an uninitialized object by sending a request with an unexpected Content-Typ...

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may leads deadlock in cpu hotplug: task1 task2 task3 ----- ----- ----- mutexlock&interfacelock CPU GOING OFFLINE cpuswritelock; osnoisecpudie;...

[SECURITY] Fedora 43 Update: jq-1.8.1-3.fc43

lightweight and flexible command-line JSON processor jq is like sed for JSON data =E2=80=93 you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text. It is written in portable C, and it has zero runtime...

MinIO 授权问题漏洞

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +1579 more potentially affected by CVE-2026-22751 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.1)

org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2026-22751 Source advisory: OSV:GHSA-X2WQ-9X2F-FHJ7...

EUVD-2026-24131

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

CVE-2026-29644

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

USN-8191-1: Apache Commons IO vulnerability

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

CVE-2026-29643

XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...

XiangShan 安全漏洞

XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from improper control of the distributed CSR write enablement path. This vulnerability could allow local attackers to modify memory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010973)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010973 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcomcpufreqhwreadlut If cpudev fails to get opp table in...

CVE-2026-29644

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

CVE-2026-29644

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

PT-2026-34532

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

CVE-2026-29644

CVE-2026-29644 concerns XiangShan, an open-source high-performance RISC-V processor. The issue arises from improper gating of the distributed CSR write-enable path in the commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28), which can allow illegal CSR write attempts to alter the custom P...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011324)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011324 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix object lifecycle issue in updateqosrequest The cpufreqcpuput call in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011048)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011048 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, t...

CVE-2026-29643

XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...

CVE-2026-29642

A local attacker who can execute privileged CSR operations or can induce firmware to do so performs carefully crafted reads/writes to menvcfg e.g., csrrs in M-mode. On affected XiangShan versions commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19, these menvcfg accesses can unexpectedly...