Astra Linux – Vulnerability in Firefox

Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy might have been able to inject executable scripts. This would be severely restricted by the specified Content Security Policy o...

Astra Linux – Vulnerability in Thunderbird, Firefox

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 108 and Firefox ESR 102.6. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This...

Astra Linux – Vulnerability in Thunderbird, Firefox

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially lead to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-108 (ALASNITRO-ENCLAVES-2026-108)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-108 advisory. The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with ...

MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills

AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chai...

Astra Linux - уязвимость в chromium

The use of “after free” in the Live Caption feature in Google Chrome before version 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through such interactions. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Thunderbird, Firefox

An outdated library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox versions earlier than 108...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-108 (ALASECS-2026-108)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-108 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Astra Linux – Vulnerability in Firefox

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 107. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...

Astra Linux – Vulnerability in Firefox

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 108. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versio...

Astra Linux – Vulnerability in Chromium

The use of “after free” in Profiles in Google Chrome before version 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

CVE-2026-1814

creationtimestamp| type| source ---|---|--- 2026-02-10 19:29:41+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/rapid7-security-advisory-av26-108 2026-05-14 17:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/84239 2026-05-14 21:00:04+00:00| seen|...

CVE-2020-37139 Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...

CVE-2025-12386

Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...

EUVD-2025-206410

Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...

MiracleLinux 8 : binutils-2.30-108.el8 (AXSA:2021-2582:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2582:05 advisory. binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c readsection CVE-2021-3487 binutils: Race window allo...

Moxa多款产品 安全漏洞

MOXA EDF-G1002-BP Series and so on are products of Moxa China.MOXA EDF-G1002-BP Series is a series of industrial-grade local area network LAN firewalls.Moxa EDR-8010 Series and so on are products of Moxa Taiwan.Moxa EDR-8010 Series is a series of secure routers.Moxa EDR-G9010 Series is a series o...

Moxa多款产品 安全漏洞

MOXA EDF-G1002-BP Series and so on are products of Moxa China.MOXA EDF-G1002-BP Series is a series of industrial-grade local area network LAN firewalls.Moxa EDR-8010 Series and so on are products of Moxa Taiwan.Moxa EDR-8010 Series is a series of secure routers.Moxa EDR-G9010 Series is a series o...