5444 matches found

Nuclei
added 16 hours ago, 53 views

Express-handlebars - Local File Inclusion

Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6 CVSS, 7.2 AI score, 0.17988 EPSS
Exploits: 1

Nuclei
added yesterday, 124 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8 CVSS, 7.9 AI score, 0.75088 EPSS
Exploits: 0, References: 5

RedhatCVE
added yesterday, 5 views

CVE-2026-53051

A flaw was found in the Linux kernel. During a specific hardware reset sequence, the system attempts to access hardware registers before the PCI Express controller is fully powered on. This premature access can cause a Control Backbone CBB timeout, leading to system unresponsiveness. This issue c...

5.5 CVSS, 5.7 AI score, 0.00175 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2 days ago, 9 views

CVE-2026-53229

A flaw was found in the Linux kernel's mlx5e driver. When an XDP eXpress Data Path transmission fails, the driver does not properly unmap DMA Direct Memory Access addresses or free allocated XDP frames. This oversight can lead to a continuous leak of DMA resources and XDP frames, potentially...

5.5 CVSS, 5.8 AI score, 0.00175 EPSS
Exploits: 0, References: 4

Debian CVE
added 2 days ago, 4 views

CVE-2026-53229

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure In the XSK branch of mlx5exmitxdpbuff, when sq-xmitxdpframe returns false e.g. XDPSQ is full, the function returns without unmapping the DMA address or freeing the...

5.6 AI score, 0.00175 EPSS
Exploits: 0

CVE
added 2 days ago, 6 views

CVE-2026-53216

The CVE-2026-53216 issue affects the Linux kernel, specifically the mvpp2 XDP path. Short BM pool buffers can be smaller than PAGE_SIZE, but xdp_buff is initialized with PAGE_SIZE, causing XDP tail growth validation to miscompute and potentially exceed the real allocation, risking memory corrupti...

6 AI score, 0.0018 EPSS
Exploits: 0, References: 7

EUVD
added 2 days ago, 3 views

EUVD-2026-39306

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...

6 AI score, 0.0018 EPSS
Exploits: 0, References: 7

CVE
added 2 days ago, 6 views

CVE-2026-53177

In the Linux kernel, the bnxt_en driver fixes a NULL pointer dereference in PCIe error handling. The vulnerability arises when PCIe errors detected by a Root Port or Downstream Port trigger error recovery on subordinate devices even if the NIC is administratively down. Specifically, the .error_de...

5.7 AI score, 0.00172 EPSS
Exploits: 0, References: 7

EUVD
added 2 days ago, 3 views

EUVD-2026-39268

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...

5.7 AI score, 0.00172 EPSS
Exploits: 0, References: 7

Nuclei
added 2 days ago, 135 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9 CVSS, 7.9 AI score, 0.84845 EPSS
Exploits: 3, References: 5

EUVD
added 3 days ago, 3 views

EUVD-2026-38919

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST is deasserted twice assert - deassert - assert - deassert, a CBB Control Backbone timeout occurs at DBI register offset 0x8bc PCIEMISCCONTROL1OFF...

5.7 AI score, 0.00175 EPSS
Exploits: 0, References: 4

OSV
added 2026/06/19 3:0 p.m., 3 views

MAL-2026-6220 Malicious code in chai-as-uphelded (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa7f5470790594e55393048fee0e7a9e6e6650776a06717258e410292d4dc8a9 Package name impersonates the popular chai-as-promised library, but its package.json description and keywords masquerade as a pino-style logger and a...

5.8 AI score
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: wifi: iwlwifi: pcie: fixed a possible NULL pointer dereference issue It is possible that iwlpciprobe may fail and free the trans structure. After that, iwlpciRemove may be called, but it will crash when trying to access a tran...

5.9 AI score, 0.00211 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/pmem: Fixed leaks in cxlpmemregion and cxlmemdev. When a cxlnvdimm object undergoes an -remove operation where the device is physically removed, nvdimmbridge is disabled, or the nvdimm device is disabled, any associated...

5.5 CVSS, 5.5 AI score, 0.0014 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed a memory leak in dhchapsecretstore Free the dhchapsecret in nvmectrldhchapsecretstore before returning. Fixed the following kmemleak: Unreferenced object 0xffff8886376ea800 size 64: Command "check", PID 22048,...

5.8 AI score, 0.00191 EPSS
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: “drm/amd: Check if ASPM is enabled from the PCIe subsystem” has been reverted. This reversion is associated with the commit 7294863a6f01248d72b61d38478978d638641bee. This commit was erroneously applied again after the commit...

5.5 CVSS, 4.5 AI score, 0.00114 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fixed the error handling path after a call to regulatorbulkget. If regulatorbulkget returns an error and no regulators are created, we need to set their number to zero. If we do not perform this action, and the PCIe...

5.5 CVSS, 6.1 AI score, 0.00166 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: MIPS: Loongson64: DTS: Actually fixed the PCIe port nodes for ls7a. Fixed the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning interruptprovider: /bus@10000000/pci@1a000000: 'interrupt-cells' found,...

5.5 CVSS, 6.5 AI score, 0.00201 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fixed the GCCGCCPCIEHOTRST definition for WCN7850 The GCCGCCPCIEHOTRST definition for WCN7850 was incorrectly set, causing a kernel crash on some specific platforms. Since the state of this register differs between...

5.5 CVSS, 6.1 AI score, 0.00155 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: cxl/ras: Fixed the device confusion related to the CPER handler. Upon inspection, the cxlcperhandleproterr function makes several fragile assumptions that can lead to crashes: 1. It assumes that the endpoints identified in the...

5.5 CVSS, 5.7 AI score, 0.0012 EPSS
Exploits: 0, References: 2