CVE-2026-43326

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

CVE-2026-43314

In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...

SUSE-SU-2026:1777-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38234: sched/rt: Fix race in pushrttask bsc1246057. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259797...

Remote Code Execution

Sonatype Nexus Repository is vulnerable to Remote Code Execution. The vulnerability is due to a flaw in the task management component, where an authenticated attacker with task creation permissions can bypass the nexus.scripts.allowCreation security control and execute arbitrary code...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between task migration and iteration within cgroups, potentially leading to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xprtrdma component failing to decrement ep-rereceiving when rpcrdmapostrecvs fails or exits...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the zerovruntime tracking fix in sched/fair. This vulnerability may lead to abnormal task...

PT-2026-39100

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between task migration and iteration within the cgroup component. When a task is migrated out of a css set, the cgroup migrate add task function moves the task fr...

PT-2026-39078

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sched/mmcid component regarding the handling of vfork and CLONE VM. A logic error occurs when the number of tasks associated with a process is smaller than the...

Linux Distros Unpatched Vulnerability : CVE-2026-43439

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to...

PT-2026-39079

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists during concurrent fork operations where a newly forked task is accounted as an MMCID user before it becomes visible in the process thread list and the global task...

CVE-2026-41928

CVE-2026-41928 affects Vvveb before 1.0.8.2. Affected: cron controller component which exposes an information disclosure vulnerability. Root cause: unauthenticated access allows retrieval of the application’s secret cron key from the cron controller response, enabling potential misuse to trigger ...

CVE-2026-41928 Vvveb < 1.0.8.2 Information Disclosure via Cron Controller

Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access the cron controller without authentication and retrieve the exposed secret key from the response,...

Hatchet affected by cross-tenant information disclosure in `listTasksByDAGIds`

Summary A missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belongi...

kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the task handling process continues to run when the FarSync T series cards a...

PT-2026-38279

Name of the Vulnerable Software and Affected Versions Hatchet versions prior to 0.83.39 Description A missing authorization directive on the 'GET /api/v1/stable/dags/tasks' endpoint caused the tenant-membership check to be skipped. An authenticated user on a multi-tenant instance could query this...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fore200e driver failing to properly cancel the task queue when a device is removed, potential...

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVE-2026-42234 n8n: Python Task Runner Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...