1731 matches found
EUVD-2026-32563
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
CVE-2026-42280
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
CVE-2026-42280
The CVE reports an issue in auth0-js where versions 8.11.0–9.32.0 may improperly return user profile information when a valid access token is used with a crafted invalid ID token, in scenarios where access control relies on Auth0 Actions. Root cause: improper validation in the Auth0.js SDK. Impac...
CVE-2026-42280 Improper Permission Checking in Auth.js SDK
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
CVE-2026-45864
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range valid : pos, if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, th...
CVE-2026-45858
In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...
UBUNTU-CVE-2026-45858
In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...
CVE-2026-46002
The CVE affects the Linux kernel ext2 filesystem handling of inodes with i_nlink == 0 and a non-zero i_mode with zero i_dtime. A crafted image could present such an inode to the VFS, triggering WARN_ON in drop_nlink() via ext2_unlink(), ext2_rename(), and ext2_rmdir(). The fix extends the existin...
CVE-2026-46002
In the Linux kernel, the following vulnerability has been resolved: ext2: reject inodes with zero inlink and valid mode in ext2iget ext2iget already rejects inodes with inlink == 0 when imode is zero or idtime is set, treating them as deleted. However, the case of inlink == 0 with a non-zero mode...
CVE-2026-45892
Summary of CVE-2026-45892 : In the Linux kernel ext4 code, during the split of an unwritten extent, a zeroing step after partial validation could leave a stale unwritten extent in the extent status tree. Specifically, splitting at B with EXT4_EXT_DATA_PARTIAL_VALID1 and EXT4_EXT_MAY_ZEROOUT could...
CVE-2026-45892 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIALVALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4splitextent with the EXT4EXTMAYZEROOUT and EXT4EXTDATAVALID2 flags set, it could...
CVE-2026-45864
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range valid : pos, if valid cannot be retrieved correctly, for example, if the retrieved valid value is always the same, th...
CVE-2026-45858
In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...
CVE-2026-45858
In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...
CVE-2026-45858
CVE-2026-45858 affects the Linux kernel ext4 code. The issue occurs when allocating initialized blocks from a large unwritten extent or splitting an unwritten extent during end I/O, potentially leaving stale data if a split happens in the middle. The problem centers on ext4_split_extent() splitti...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the WebSocket upgrader process. An attacker can gain unauthorized interactive shell access to containers by initiating a WebSocket connection from a same-site origin that carries the victim's valid...
CVE-2026-45858
ext4: dont zero the entire extent if EXT4EXTDATAPARTIALVALID1...
PT-2026-43759
In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIAL VALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4 split extent with the EXT4 EXT MAY ZEROOUT and EXT4 EXT DATA VALID2 flags set, i...
CVE-2026-46002
ext2: reject inodes with zero inlink and valid mode in ext2iget...
PT-2026-43725
In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4 EXT DATA PARTIAL VALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...