CVE-2026-52991

A flaw was found in the Linux kernel's Pressure Stall Information PSI subsystem. A race condition exists between the file release and pressure write operations, specifically concerning the priv member of struct kernfsopenfile. This can lead to a use-after-free vulnerability or a NULL dereference,...

CVE-2026-52814

CVE-2026-52814 affects Gogs’ built-in Go SSH server, where unauthenticated clients can stall the SSH handshake to exhaust file descriptors, spawning unbounded goroutines and causing FD exhaustion that disrupts SSH access. Connected advisories (GHSA-XP79-5MX3-JX52) confirm the vulnerability detail...

EUVD-2026-38813

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

EUVD-2026-38951

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix RCU stall in bpffdarraymapclear Add a missing condresched in bpffdarraymapclear loop. For PROGARRAY maps with many entries this loop calls progarraymappokerun per entry which can be expensive, and without yielding this c...

CVE-2026-52945

The CVE-2026-52945 entry describes a Linux kernel issue caused by reverting the WireGuard device to threaded NAPI. Affected component is the WireGuard peer RX path in the kernel driver, where decryption can stall for a specific peer under heavy load. Root cause details: after dequeuing for decryp...

Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7921 – Fixed a skb leak caused by missing txs in AMSDU. Txs may be dropped if the frame is aggregated in AMSDU. When this problem occurs, some SKBs are held by the driver, causing the network to stop temporarily. Ev...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: Fixed rcutasks stall in threaded busypoll I was debugging a NIC driver when I noticed that when I enabled threaded busypoll, bpftrace hung during startup. The output from dmesg was as follows: rcutaskswaitgp: rcutasks grace...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fqpie: prevent dismantle issue For some reason, the fqpieDestroy function did not copy the working code from pieDestroy and other related functions, resulting in a persistent bug. Before calling...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: kprobes: Do not call disarmkprobe for disabled kprobes The assumption in disablekprobe is incorrect, and it may attempt to disarm a kprobe that is already disarmed, thereby triggering WARNONCE below. This issue can be easily...

CVE-2026-44645

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The renderLimit option is documented in docs/source/tutorials/dos.md as the...

kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration

A flaw was found in the Linux kernel. A local attacker could exploit a deadlock vulnerability due to incorrect lock ordering between foliolock and immaprwsem when migrating hugetlb file-backed folios. This could lead to hung tasks and potential system-wide stalls, resulting in a Denial of Service...

CVE-2026-45290

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

Exploit for CVE-2026-49975

CVE-2026-49975 — HTTP/2 Bomb PoC !CVEhttps://img.shields...

CVE-2026-46177

In the Linux kernel, the following vulnerability has been resolved: ipmi: Add limits to event and receive message requests The driver would just fetch events and receive messages until the BMC said it was done. To avoid issues with BMCs that never say they are done, add a limit of 10 fetches at a...

SUSE CVE-2026-46052

In the Linux kernel, the following vulnerability has been resolved: ceph: only dadd negative dentries when they are unhashed Ceph can call dadddentry, NULL on a negative dentry that is already present in the primary dcache hash. In the current VFS that is not safe. dadd goes through dadd to...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to improper enforcement of security rules during concurrent execution of Security Mode Command and N2 handover procedures. An attacker can cause handover failures and disrupt networ...

CVE-2026-46052

In the Linux kernel, the following vulnerability has been resolved: ceph: only dadd negative dentries when they are unhashed Ceph can call dadddentry, NULL on a negative dentry that is already present in the primary dcache hash. In the current VFS that is not safe. dadd goes through dadd to...