CVE-2026-46732

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

EUVD-2026-39402

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

CVE-2026-12635

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

EUVD-2026-39168

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

CVE-2026-12635 Reliance on Reverse DNS Resolution for a Security-Critical Action in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

CVE-2026-12635

CVE-2026-12635 affects GitLab CE/EE prior to patch versions 18.11.6, 19.0.3, and 19.1.1. The root cause is improper URL validation that could allow an authenticated user with maintainer permissions to request internal network resources via mirror synchronization. The issue is documented across mu...

GitLab 8.3 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-12635)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an...

EUVD-2026-38892

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

EUVD-2026-38888

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential race condition in TLB sync During the TLB sync, we need to traverse and modify the page table, so we should hold the page table lock. Since full SMP support for threads within the same process is still missing,...

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

CVE-2026-54906

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...

UBUNTU-CVE-2026-52925

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...

CVE-2026-52925

The CVE-2026-52925 entry relates to the Linux kernel VRF handling. The vulnerability arose from a race where an RCU reader identifying a net device as a VRF port could dereference l3mdev operations of a master device (e.g., a bridge) after netdev_master_upper_dev_get_rcu() returned it as a VRF de...

CVE-2026-52918

The CVE-2026-52918 entry affects the Linux kernel Bluetooth code. Specifically, bt_sock_poll() traverses the accept_q queue without synchronization, while a child teardown can unlink the same socket and drop its last reference, enabling a race between polling and socket teardown. The documented f...

CVE-2026-48163

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fix for a use-after-free of the timer for the log writer thread This patch series, titled “nilfs2: Fix for log writer-related issues”, addresses three issues related to the nilfs2 log writer. These include a...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A potential hang occurred in nilfsdetachlogwriter. Syzbot reported a potential hang during nilfsdetachlogwriter called when nilfs2 unmounts the file system. Analysis revealed that this issue arises because nilfssegctorsyn...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: veth: The GRO flag is cleared when XDP is disabled, even when the device is disabled. The NETIFFGRO flag is set automatically when XDP is enabled, because both features use the same NAPI mechanism. The logic for clearing the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags are cleared or restored Prior to commit 69e3b846d8a7 “arm64: mte: Sync tags for pages where PTE is untagged”, mtesynctags was only called for ptetagged entries those mapped with...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Drivers: Staging: rtl8192eu: Fixed a deadlock in rtwjoinbsseventprehandle. There is a deadlock in rtwjoinbsseventprehandle, as shown below: Thread 1 | Thread 2 | settimer rtwjoinbsseventprehandle | modtimer spinlockbh //1 | Wait...