5086 matches found
CVE-2026-31444
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...
CVE-2026-31471
In CVE-2026-31471, the Linux kernel’s xfrm: iptfs path had a use-after-free-like issue during IPTFS clone state setup. iptfs_clone_state() stored x->mode_data before allocating the reorder window; if allocation failed, the code freed the cloned state but left x->mode_data pointing at freed ...
CVE-2026-31450
CVE-2026-31450 describes a race in ext4 where ei->jinode was published to concurrent readers before jbd2_journal_init_jbd_inode() completed, allowing a non-NULL jinode to be observed with i_vfs_inode still NULL. The mitigated issue could lead to a crash when a reader passes jinode to jbd2_wait...
CVE-2026-31444
CVE-2026-31444 affects ksmbd in the Linux kernel. The vulnerability arises from two flaws in the oplock publication sequence inside smb_grant_oplock(): (1) opinfo is linked into ci->m_op_list before add_lease_global_list(), so if that call fails, a freed node is dereferenced by concurrent read...
CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and NULL deref in smbgrantoplock smbgrantoplock has two issues in the oplock publication sequence: 1 opinfo is linked into ci-moplist via opinfoadd before addleasegloballist is called. If...
RUSTSEC-2026-0107 `mysten-metrics` was removed from crates.io for malicious code
mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
`mysten-metrics` was removed from crates.io for malicious code
mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
DEBIAN-CVE-2026-33258
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
GHSA-9X67-F2V7-63RW
creationtimestamp| type| source ---|---|--- 2026-04-22 01:18:49+00:00| published-proof-of-concept| Telegram/AsK9uQCoE0LPzwbkNe8abRZIpzVzCCIAKmN05DDH2W6pw...
GHSA-CCQ9-R5CW-5HWQ
creationtimestamp| type| source ---|---|--- 2026-04-22 01:18:49+00:00| published-proof-of-concept| Telegram/AsK9uQCoE0LPzwbkNe8abRZIpzVzCCIAKmN05DDH2W6pw...
PT-2026-34349
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The smb grant oplock function in ksmbd contains two issues. First, a use-after-free occurs when opinfo is linked into ci-m op list before add lease global list is called; if the latter...
PT-2026-34322
By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...
GHSA-2WCG-W3C4-48R7
creationtimestamp| type| source ---|---|--- 2026-04-21 23:30:36+00:00| published-proof-of-concept| Telegram/ITN0hTjNGfPMK-REHkV5qJBsGo4t4-tf1bJT5aod5DHh0UQ...
GHSA-9PP3-53P2-WW9V
creationtimestamp| type| source ---|---|--- 2026-04-21 21:27:33+00:00| published-proof-of-concept| Telegram/PLPaRbcJDaPiLP6CzuoYppan71AlFD-MBdwXLbLZgMJCSE...
GHSA-J59P-4XRR-FP8G
creationtimestamp| type| source ---|---|--- 2026-04-21 21:26:08+00:00| published-proof-of-concept| Telegram/Sh-VDLwDsigv2TtmIHQb5bM9xL-0-hntwqefkM3TigDwq8o...
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the Twig sandbox security policy, which permits database write operations even when safe mode is enabled. An attacker with Developer permissions can modify, insert, or delete data in any database...
CVE-2026-40498
creationtimestamp| type| source ---|---|--- 2026-04-21 17:18:19+00:00| published-proof-of-concept| Telegram/Dp3cHxEcbabtcr78eMwYzIZdIkaK3NXYlVFRQJBCFObozHI...
CVE-2025-41029
creationtimestamp| type| source ---|---|--- 2026-04-21 17:18:19+00:00| published-proof-of-concept| Telegram/Dp3cHxEcbabtcr78eMwYzIZdIkaK3NXYlVFRQJBCFObozHI...
GHSA-98HH-7GHG-X6RQ
creationtimestamp| type| source ---|---|--- 2026-04-21 01:19:10+00:00| published-proof-of-concept| Telegram/LrBuhuc7HcH3kswc1a1az3fvuC6rURNPubqOsu4a3yYkj38...
GHSA-M6RX-7PVW-2F73
creationtimestamp| type| source ---|---|--- 2026-04-21 01:18:26+00:00| published-proof-of-concept| Telegram/Ww620GgPpyXrrMPbpNwPksYQUctI-RNYBJrVLxtJIutZ-I...