Authentication Bypass Using an Alternate Path or Channel

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via failureforward Subrequest. An attacker could manipulate the failurepath parameter...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix for read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will be abandoned during retry. The abandonment process expects that the subreq variable will be set to t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the max subreq size for cache writes to MAXRWCOUNT Set the maximum size of a subrequest that writes to cachefiles to be MAXRWCOUNT so that we don't overrun the maximum write we can make to the backing filesystem...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: Fixed the early read unlock of pages with an EOF condition in the middle. The collection of read results for buffered reads seems to occur ahead of the completion of subrequests under certain circumstances. This can be see...

SUSE CVE-2026-31435

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place...

EUVD-2026-24758

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place...

CVE-2026-31435

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place...

CVE-2026-31435 netfs: Fix read abandonment during retry

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place...

CVE-2026-31435

Summary: CVE-2026-31435 affects the Linux kernel netfs read-abandonment path during retries. The root cause is an uninitialized/invalid subreq pointer used in the abandonment flow, which can lead to abandoning remaining subrequests incorrectly and may cause a kernel oops/DoS. Several connected ad...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the netfs mechanism’s issue during retries when reading abandoned files. This issue may lead to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013484 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - fix the aead software fallback for engine Due to the subreq pointer misus...

PT-2026-34340

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment during retry Under certain circumstances, all the remaining subrequests from a read request will get abandoned during retry. The abandonment process expects the 'subreq' variable to be set to the place...

Exploit for Incorrect Authorization in Vercel Next.Js

CVE-2025-29927 — Next.js Middleware Authentication Bypass...

CVE-2025-71201

A race condition flaw was found in the Linux kernel's netfs subsystem. In the netfsreadunlockfolios function, a folio memory page may be unlocked prematurely before the ZERO subrequest completes clearing the tail portion of the page beyond the end-of-file. This allows an application using mmap to...

CVE-2025-71201

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet:...

CVE-2025-71201

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet:...

CVE-2025-71201 netfs: Fix early read unlock of page with EOF in middle

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet:...

PT-2026-8125

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix early read unlock of page with EOF in middle The read result collection for buffered reads seems to run ahead of the completion of subrequests under some circumstances, as can be seen in the following log snippet: 9p...

Next.js 15.2.3 Middleware Bypass Scanner

A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication. This is a scanner to test version 15.2.3...

📄 Next.js 15.2.3 Middleware Authorization Bypass

This Python script checks whether a website built with Next.js is vulnerable to CVE‑2025‑29927, a middleware authorization bypass flaw triggered by the request header:x-middleware-subrequest...