CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: move the initialization of the replycachestats counters back to nfsdinitnet. The commit f5f9d4a314da “nfsd: move the reply cache initialization into nfsd startup” moved the initialization of the reply cache into nfsd startu...

CVE-2026-40977

When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...

CVE-2023-54276 nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net

In the Linux kernel, the following vulnerability has been resolved: nfsd: move init of percpu replycachestats counters back to nfsdinitnet Commit f5f9d4a314da "nfsd: move reply cache initialization into nfsd startup" moved the initialization of the reply cache into nfsd startup, but didn't accoun...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...