GHSA-RM5C-5X2P-48WR Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

Security Bulletin: Security Vulnerabilities have been identified in IBM WebSphere Application Server bundled with IBM Financial Transaction Manager for Check Services

Summary IBM WebSphere Application Server is bundled with IBM Financial Transaction Manager v3.0.5.4. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

PT-2026-46853

Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...

CVE-2026-46251

A flaw was found in the Linux kernel's Btrfs filesystem. When the EXTENTTREEV2 incompatibility flag is enabled, the block group tree's dirty list can become corrupted. This corruption occurs because the block group tree is incorrectly added to a commit list while already being tracked, leading to...

CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-10294 PackageKit API pk-transaction.c g_file_test improper authorization

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

CVE-2026-10294

CVE-2026-10294 affects PackageKit up to 1.3.5. The vulnerable component is the API function g_file_test in src/pk-transaction.c. Manipulation of the argument frontend-socket leads to improper authorization. The issue can be exploited remotely, and the exploit has been disclosed publicly and may b...

CVE-2026-23557

A flaw was found in xenstored, a component of Xen. Any guest operating system can cause xenstored to crash by issuing an XSRESETWATCHES command within a transaction, leading to a denial of service DoS. This occurs due to an assertion assert triggering, which can halt the xenstored process...

Payment apps are watching what you say (Lock and Code S07E11)

This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...

PackageKit authorization issue vulnerability

PackageKit is an open-source system for installing and updating software. Versions of PackageKit 1.3.5 and earlier have a licensing issue vulnerability. This vulnerability stems from incorrect handling of the parameter ‘frontend-socket’ in the function gfiletest within the API component file...

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the management tables for PaymentMethods, Currencies, and Carriers rendering inline switching options and...

CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing lastunlinktrans update when removing a directory When removing a directory we are not updating its lastunlinktrans field, which can result in incorrect fsync behaviour in case some one fsyncs the directory afte...

CVE-2026-46160

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing lastunlinktrans update when removing a directory When removing a directory we are not updating its lastunlinktrans field, which can result in incorrect fsync behaviour in case some one fsyncs the directory afte...

PT-2026-44283

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing last unlink trans update when removing a directory When removing a directory we are not updating its last unlink trans field, which can result in incorrect fsync behaviour in case some one fsyncs the directory...

CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

UBUNTU-CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

EUVD-2026-32463

In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2dioendiowrite ocfs2markextentwritten ocfs2changeextentflag ocfs2splitexte...

CVE-2026-45934

CVE-2026-45934 – Linux kernel/Btrfs issue : A vulnerability in Btrfs chunk allocation caused an EEXIST abort when non-consecutive gaps appeared during forced DUP chunk allocations, leading to a transaction abort with “Object already exists.” The problem manifests in btrfs_create_pending_block_gro...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from discontinuous gaps during block allocation in btrfs. This issue causes an EEXIST error in the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper transaction splitting during direct I/O completion in ocfs2, potentially leading to...