85 matches found
Astra Linux - vulnerability in node-minimatch
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
CVE-2026-40306 DNN has same HostGUID for all new installs
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
CVE-2026-40305
DNN (DotNetNuke) is affected by CVE-2026-40305 in versions 6.0.0 through 10.2.1, where a crafted request in the friends feature could force the acceptance of a friend request on another user. The issue is fixed in version 10.2.2 (patch). Affects DotNetNuke Platform’s friend-acceptance flow and is...
CVE-2026-20166
In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover...
Splunk Enterprise 9.3.0 < 9.3.10, 9.4.0 < 9.4.9, 10.0.0 < 10.0.4, 10.2.0 < 10.2.1 (SVD-2026-0304)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0304 advisory. - In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7,...
OPENSUSE-SU-2026:10265-1 qemu-10.2.1-1.1 on GA media
These are all security issues fixed in the qemu-10.2.1-1.1 package on the GA media of openSUSE Tumbleweed...
DEBIAN-CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
UBUNTU-CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
CVE-2026-26996
CVE-2026-26996 affects minimatch, a glob-to-RegExp utility. Versions 10.2.0 and earlier are vulnerable to a Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal not present in the test string. Each * creates a separate [^/]*?...
CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
PT-2026-20994
Name of the Vulnerable Software and Affected Versions: minimatch versions 10.2.0 and below. Description: The software is susceptible to Regular Expression Denial of Service (ReDoS) when processing glob patterns containing numerous consecutive wildcards followed by a literal character absent from the...
OPENSUSE-SU-2026:10207-1 frr-10.2.1-4.1 on GA media
These are all security issues fixed in the frr-10.2.1-4.1 package on the GA media of openSUSE Tumbleweed...
CVE-2019-11345
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS...
CVE-2024-2253
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values in the plugin's carousel widgets in all versions up to, and including, 10.2.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...
EUVD-2017-11558
Malware in sbrugna...
EUVD-2025-19032
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-11941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. CVE-2024-11941...
CVE-2025-52570
Letmein is an authenticating port knocker. Prior to version 10.2.1, the connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option...
CVE-2025-52570
CVE-2025-52570 affects the Letmein port-knock implementation. Before version 10.2.1, the connection limiter is implemented incorrectly, allowing an arbitrary number of simultaneous incoming connections (TCP, UDP, and Unix socket) for the services letmeind and letmeinfwd. The num-connections optio...
CVE-2025-52570 Letmein connection limiter allows an arbitrary amount of simultaneous connections
Letmein is an authenticating port knocker. Prior to version 10.2.1, the connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option...