Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtw89 – Fixed the potential zero-beacon-interval issue in beacon tracking. During fuzz testing, it was discovered that bssconf-beaconint might be zero, which could lead to a division-by-zero error in subsequent...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: If hcicmdsyncqueueonce returns -EEXIST, it indicates that a queue item already exists. hcicmdsyncqueueonce needs to indicate whether a queue item was added, so that the caller can know if callbacks are...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fixed an NPE in gncmBind. The commit 56a512a9b410 “usb: gadget: fncm: Aligned netdevice lifecycle with bind/unbind” deferred the allocation of the netdevice. This change results in a NULL pointer derefrence in t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfs: check the return value of xchkscrubcreatesubord. This function should be fixed to return NULL instead of the mangled ENOMEM value. Additionally, the calling functions should be corrected to actually check for a null pointer...

CVE-2026-24160

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24160

CVE-2026-24160 affects NVIDIA TensorRT-LLM for any platform. The vulnerability stems from an unchecked return value that may lead to a null pointer dereference , with the documented impact of a denial of service . The connected sources (NVD, NVIDIA security bulletin) confirm the affected product ...

CVE-2026-24160

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

CVE-2026-24160

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

EUVD-2026-31058

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

PT-2026-42089

Name of the Vulnerable Software and Affected Versions NVIDIA TRT-LLM affected versions not specified Description An issue exists where an unchecked return value can lead to a null pointer dereference, which occurs when a program attempts to read or write to a memory location using a pointer that ...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021554)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021554 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4evictinode' Syzbot found the following issue:...

PT-2026-42256

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021640 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1...

Improper Validation of Syntactic Correctness of Input

Overview @libp2p/kad-dht is a JavaScript implementation of the Kad-DHT for libp2p Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the verifyRecord function that leads to the unlimited message processing since rate limits are applied onl...

@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...

GHSA-32MQ-HPPH-XFVR @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...

GHSA-HCF7-66RW-9F5R Trubo: Login callback CSRF/session fixation

Impact Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...

CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...

kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...

EUVD-2026-30884

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAYBACKLOG requests MAYBACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications...