31169 matches found
net/url: Incorrect parsing of IPv6 host literals in net/url
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...
python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...
CVE-2026-9064
creationtimestamp | type | source
---|---|---
2026-05-20 11:08:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmbrclrmle2k...
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
EUVD-2026-31083
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
CVE-2026-42960
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cifs: preventing use-after-free by freeing the cfile later. In smb2_compound_op, there is a potential use-after-free issue that may lead to difficult debugging problems in the future. This issue was identified during stress testing...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: Fixed potential improper dereferencing of pointers in bpf_sys_bpf. The bpf_sys_bpf helper function allows an eBPF program to load another eBPF program from within the kernel. In this case, the argument union bpf_attr pointer...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Nouveau/UVMM: Fixed calculations of addresses/ranges for remap operations. The issue in dEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8 was caused by incorrect calculations of addresses/ranges during remap operations...
Astra Linux - vulnerability in chromium
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: zloop: fixed the KASAN use-after-free of tagset. When a zoned loop device, or zloop device, is removed, the KASAN-enabled kernel reports “BUG KASAN use-after-free” in the blk_mq_free_tag_set function. This bug occurs because...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: fixed a race condition between ipv6_get_ifaddr and ipv6_del_addr. Although ipv6_get_ifaddr operates under the RCU lock, it still allows hlist_for_each_entry_rcu to return an item that has already been removed from the list. The memory...
Astra Linux - vulnerability in chromium
The inappropriate implementation in full-screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox URL bar through a crafted HTML page...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fixed the refcount leak in the address translation for arm_smmu_device. The reference counting issue occurs in several exception handling paths of arm_smmu_iova_to_phys_hard. When these error scenarios occur, the functio...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy. The caller may pass any value as addr, which could lead to an out-of-bounds access to the mdio_map array. One existing case is in stmmac_init_phy, where -1 may be passed as addr...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Octeontx2-af: Added proper checks for fwdata. Firmware populates the MAC address, link modes supported, advertised, and EEPROM data in the shared firmware structure. Kernel access is via the MAC block CGX/RPM. Accessing fwdata...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Fixed the issue where the sev_receive_start command failed due to the absence of the decommission step. The current SEV context must be discontinued if binding an ASID fails after a receivestart. According to AMD’s SEV AP...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fixed a potential refcount underflow for idev. In addrconf_mod_rs_timer, the reference to idev depends on whether rs_timer is not pending. Then, the timeout of rs_timer was modified. There is a time gap during which, if...
Astra Linux - vulnerability in zabbix
A stored XSS vulnerability has been detected in the Zabbix web application, specifically in the Maps element, when a URL field contains spaces before the URL...
Astra Linux - vulnerability in firefox
When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...