EUVD-2026-15221

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...

CVE-2026-23292

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...

CVE-2026-23292

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...

UBUNTU-CVE-2026-23316

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...

CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs

In the Linux kernel, the following vulnerability has been resolved: net: sched: avoid qdiscresetalltxgt vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netifsetrealnumtxqueues calls qdiscresetalltxgt to flush qdiscs for queues which will no longer be used...

CVE-2026-23297 nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit().

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsdnlthreadssetdoit. syzbot reported memory leak of struct cred. 0 nfsdnlthreadssetdoit passes getcurrentcred to nfsdsvc, but putcred is not called after that. The cred is finally passed down to...

CVE-2026-23297

CVE-2026-23297 affects the Linux kernel’s NFS daemon (nfsd). The issue is a memory leak of struct cred caused by how nfsd_nl_threads_set_doit() passes current credentials to nfsd_svc() and later to _svc_xprt_create() without transferring ownership, leaving a refcount leak. SYZBOT identified a lea...

CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...

CVE-2026-23292

CVE-2026-23292 : Linux kernel scsi: target: Fix recursive locking in __configfs_open_file(). The root cause was target_core_item_dbroot_store() attempting to open the file path (which is the same configfs file already held) using filp_open(), leading to potential nested frag_sem locking. The fix ...

Malicious Package

Overview @shennmine/baileys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview path-external is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview svg-sizer-responsive is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview chai-as-emitted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview revolut-merchant-widget is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVE-2026-26830

Summary of CVE-2026-26830 (pdf-image) : The npm package pdf-image (versions up to 2.0.0) is vulnerable to OS command injection through the pdfFilePath parameter. The functions constructGetInfoCommand and constructConvertCommandForPage interpolate user-controlled file paths into shell command stri...

PT-2026-27790

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the DHCP snooping feature that may allow a remote attacker to forward BOOTP packets between VLANs, leading to a denial of service DoS. This is caused by imprope...

PT-2026-28168

Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage, used for attaching cloud and local files in Rails applications, is susceptible to a denial-of-service condition. The...

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were security vulnerabilities in versions prior to 2.11.15 and 2.12.6 of Nats-Server. These vulnerabilities allowed malicious clients to exploit unlimited memor...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from specially crafted TIFF files that may cause excessive memory allocation during image...

Linux Distros Unpatched Vulnerability : CVE-2026-23313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i40e: Fix preempt count leak in napi poll tracepoint Using getcpu in the tracepoint assignment causes an obvious preempt count leak because nothing invokes putc...