CVE-2026-43488

The CVE covers Linux kernel USB xHCI: Host Controller Error (HCE) in UAS plug/unplug scenarios caused an interrupt storm when not cleared. The fix adds xhci_halt() handling in xhci_irq() for STS_HCE to mirror STS_FATAL error handling; full HCE recovery requires resetting/re-initializing the xHC. ...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core – Ensure that the LLD module reference count is set after the SCSI device is released. The SCSI host release is triggered when the SCSI device is freed. We must ensure that the low-level device driver module is not...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013241)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013241 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about acce...

QNAP Qsync Central 安全漏洞

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained security vulnerabilities. These vulnerabilities were caused by excessive pointer offsets, which could allow remote...

CVE-2025-15543

CVE-2025-15543 : In TP-Link VX800v v1.0, an improper link resolution in the USB HTTP access path can be triggered by a crafted USB device, exposing the root filesystem contents and allowing a physically present attacker to read system files (read‑only). Connected sources also indicate a recommend...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992305 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed...

CVE-2022-50756 nvme-pci: fix mempool alloc size

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was...

CVE-2025-68331 usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to ...

CVE-2025-12896

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device...

CVE-2025-12902

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of Service...

CVE-2025-12902

Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of Service...

Solidigm DC 安全漏洞

Solidigm DC is a solid state drive product from Solidigm, Inc. A security vulnerability exists in Solidigm DC that stems from improper firmware resource management and could lead to unauthorized access to a locked storage device by a local or physical attacker...

EUVD-2020-6014

Malware in sbrugna...

EUVD-2025-31938

Malicious code in bioql PyPI...

EUVD-2022-43581

Malicious code in bioql PyPI...

CVE-2021-25524

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID...

Logic Flaw Vulnerability in DS-A80624S at Hangzhou Hikvision Digital Technology Co.

The DS-A80624S is a 24-drive network storage device from Hikvision. A logic flaw vulnerability exists in the DS-A80624S of Hangzhou Hikvision Digital Technology Co. that can be exploited by an attacker to obtain sensitive information...

CVE-2024-53991 Potential Backup file leaked via Nginx in Discourse

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

CVE-2024-50135 nvme-pci: fix race condition between reset and nvme_dev_disable()

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvmedevdisable nvmedevdisable modifies the dev-onlinequeues field, therefore nvmepciupdatenrqueues should avoid racing against it, otherwise we could end up passing invalid values to...