CVE-2026-45287

CVE-2026-45287 affects the Go OpenTelemetry implementation. Prior to version 0.0.17, parsing a schema via go.opentelemetry.io/otel/schema/v1.0 or .../v1.1 leaks one file descriptor per successful ParseFile call because ParseFile opens the file and passes it to Parse without closing it, risking de...

PT-2026-46233

🔒 API Platform CVE-2026-49858: JSON:API & HAL normalizers cached components across users on long-running runtimes FrankenPHP, RoadRunner, Swoole. Patched in 4.1.29 / 4.2.25 / 4.3.8 — upgrade now. https://t.co/1oIPjtQjqB...

GHSA-995V-FVRW-C78M opentelemetry-go's Schema ParseFile leaks file descriptors on each parse

Summary go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...

CVE-2026-45968

In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...

UBUNTU-CVE-2026-45917

In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...

PT-2026-43784

In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep dest dst if dev is going down There is race between the netdev notifier ip vs dst event and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handle...

Ollama Scanner

This module identifies ollama instances and enumerates the LLM models which have been loaded and are running. Module Options msf use auxiliary/scanner/http/ollamainfo msf auxiliaryollamainfo show actions ...actions... msf auxiliaryollamainfo set ACTION msf auxiliaryollamainfo show options ...show...

MAL-2026-4193 Malicious code in private-next-pages (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00c6505c70734328f859fa758ad45ba680403a4cfeedd60d2f9e035b026bd45c package.json declares a postinstall script that uses Node's childprocess to execute reconnaissance commands including whoami and beacon results out v...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: In devcom, fix for error flow in mlx5devcomregisterdevice. In the event of a failure in devcom allocation, mlx5 always frees the private memory. However, this private memory might have been allocated by a different...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: Do not run mt76ustatusworker if the device is not running. Fixed the issue where a NULL pointer dereference occurred, preventing the mt76ustatusworker thread from being executed if the device was not running. KASAN...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Timers: A race condition involving NULL function pointers in timershutdownsync has been fixed. There is a race condition between timershutdownsync and timerexpiration, which can lead to a WARNON being triggered in expiretimers...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

A issue was discovered in the file drivers/media/dvb-core/dvbfrontend.c within the Linux kernel version 6.2. There is a blocking operation that occurs when a task is in the !TASKRUNNING state. In the function dvbfrontendgetevent, the function waiteventinterruptible is called; the condition used i...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: netlink: Annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read nlk-cbrunning without locking it. Use READONCE for those operations. Add a corresponding WRITEONCE for netlinkdump and...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: posix-timers: A mechanism is added to prevent livelock in the itimerdelete function. The itimerdelete function contains a retry loop when the timer expires simultaneously. On non-RT kernels, this is simply a spin-wait until the...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021532 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING vub300enablesdioirq works...

CVE-2026-43352

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RINGCTRLABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. The...

CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RINGCTRLABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. The...

CVE-2026-43260

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netifrunning is tru...

CVE-2026-43227

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/shtmu: Always leave device running after probe The TMU device can be used as both a clocksource and a clockevent provider. The driver tries to be smart and power itself on and off, as well as enabling and...

CVE-2026-43061

A flaw was found in the Linux kernel's 8250 serial driver when utilizing Direct Memory Access DMA. An issue arises when a DMA transaction is terminated asynchronously, as the system may not properly clear the dma-txrunning flag. This prevents subsequent transmit TX DMA transactions from being...