PT-2026-42535

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Concrete CMS fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field during the process of saving page type composer form layouts. An authenticated...

cache-extensions (>=1.7.0 <=1.14.1) potentially affected by unknown CVE via setup-php (>=2.15.0 <=2.36.0)

setup-php NPM version =2.15.0, =1.7.0, =1.14.1 Source cves: unknown CVE Source advisory: SNYK:JS-SETUPPHP-16874160...

cache-extensions (>=1.9.1 <=1.14.1) potentially affected by CVE-2026-46420 via setup-php (>=2.25.0 <=2.36.0)

setup-php NPM version =2.25.0, =1.9.1, =1.14.1 Source cves: CVE-2026-46420 Source advisory: SNYK:JS-SETUPPHP-16874161...

MAL-2026-4194 Malicious code in libhmac (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccbd481dd2bd04274c5045995a08ddbcf302780c24f39eb63821d5d63a998d1 The PyPI name 'libhmac' matches the well-known libyal/libhmac C forensics library HMAC primitive, but the package contents have nothing to do with HM...

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

Astra Linux - уязвимость в ruby-websocket-extensions

The websocket-extensions Ruby module before version 0.1.5 allowed Denial of Service DoS attacks through Regex backtracking. The extension parser could take quadratic time when parsing a header containing an unclosed string parameter value whose content was a repeated two-byte sequence of a...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in the Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted Chrome Extension. Chromium security severity: Medium...

Astra Linux - уязвимость в samba

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client that can use a server symlink to determine whether a file or directory exists in a part of the server file system that is not exported under the share definition. This attack can only succeed if SMB1 with unix extensions i...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in the Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

Before version 104.0.5112.79, using “After Free” in Google Chrome extensions allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through specific UI interactions...

Astra Linux - уязвимость в chromium

Inappropriate implementations in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: DMA-Direct: Leakage of pages upon failure in dmasetdecrypted In TDX, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the return of decrypted/membered...

Astra Linux - уязвимость в chromium

The use of “after free” in Extensions in Google Chrome before version 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в golang-1.19

A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race conditions in allocslabobjexts. If two competing threads enter allocslabobjexts, and one of them fails to allocate the object extension vector, it may override the valid slab-objexts allocated by the other thread...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Ensure that the tx-skbs always have the MPTCP extensions. Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. This results in a la...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page...

Astra Linux - уязвимость в chromium

Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

Astra Linux – Vulnerability in Firefox and Thunderbird

If a compromised content process sends an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out-of-bounds write would occur, leading to memory corruption and potentially exploitable crashes. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefo...

Astra Linux - уязвимость в postgresql-11

A vulnerability was discovered in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the...