Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak. A KMSAN kernel-infoleak was detected by the syzbot. net? KMSAN: kernel-infoleak in skbdatagramiter. In tcfifedump, the variable ‘opt’ was partially...

Astra Linux - уязвимость в firefox, thunderbird

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, resulting in a bypass that allowed device permissions to be leaked into untrusted sub-documents. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: Fixed the issue of null pointer dereferencing in the RTC features. When there is no interrupt line, the RTC alarm feature is disabled. The clearing of the alarm feature bit was performed before allocating the ldata-rt...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fpga: Integer overflow has been prevented in dflfeatureioctlsetirq. The multiplication hdr.count sizeofs32 can cause integer overflow on 32-bit systems, leading to memory corruption. Use arraysize to fix this issue...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: Fixed a stack overflow issue when LRO is disabled for virtual interfaces. When the features of a virtual interface are updated, the updated features are synchronized with its underlying interfaces. This synchronization...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4prepareInlinedata When running the following code on an ext4 filesystem with the inlinedata feature enabled, the following bug will occur: c fd = open"file1", ORDWR | OCREAT | OTRUNC, 0666;...

CVE-2026-45492

Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to bypass a security feature over a network...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021608 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccpfeatchangerecv If dccpfeatpushconfirm fails after new value for SP...

CVE-2026-45585

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be...

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

...

CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability

...

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature . Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

EUVD-2026-30974

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

CVE-2026-42526

The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...

MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

CVE-2026-31388 Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature

Improper Access Control vulnerability in Apache OFBiz in multi-tenant deployments. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2026-31388

CVE-2026-31388 affects Apache OFBiz in multi-tenant deployments and is due to Improper Access Control, enabling cross-tenant data exposure via the Program Export feature. Affected versions are before 24.09.06. The advisory recommends upgrading to OFBiz 24.09.06 or later to fix the issue. No explo...

PT-2026-41955

Name of the Vulnerable Software and Affected Versions Archer AX72 SG version v1 Description The network diagnostic feature in the web management interface improperly handles invalid user input. An authenticated attacker with administrative privileges can exploit this to confirm the existence of t...

Detecting Data Exfiltration through I2P Anonymity Networks: A Two-Phase Machine Learning Approach

The Invisible Internet Project I2P provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious actors to steal sensitive information from corporate network...

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain security vulnerabilities. These...