9026 matches found
CVE-2026-54309
CVE-2026-54309 affects n8n when the MCP Browser is run with HTTP transport. The MCP endpoint accepts session initialization and tool invocation without authentication, enabling unauthenticated callers (including websites visited by the user) to access browser-control tools (navigation, JavaScript...
Datart v1.0.0-rc.3 - Remote Code Execution
Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters. id: CVE-2025-56819 info: name: Datart v1.0.0-rc.3 - Remote Code Execution author: Redmomn severity: critical description: | Datart v1.0.0-rc.3 contains a vulnerabilit...
EUVD-2026-38339
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...
EUVD-2026-38231
MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...
EUVD-2026-38089
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...
kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fixed invalid PNP driver unregistration The Comedi low-level driver “c6xdigio” appears to be for a parallel port-connected device. When the Comedi core calls the driver’s Comedi “attach” handler c6xdigioattach t...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: stmmac: Clearing the variable when destroying the workqueue Currently, when suspending the driver and stopping the workqueue, it is checked whether workqueue is not NULL. If it is NULL, the workqueue is destroyed. The function...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: lockd: Other missing fields are set when unlocking files. The vfslockfile function expects that the struct filelock structure is fully initialized by the caller. If the flfile field is NULL after re-exporting NFSv3, an OOP err...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer is used by various drivers in various ways, let’s initialize it to zero during allocation, so that it cannot ever be used to leak kernel memory through special...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Video: fbdev: smscufx: Fixed null-ptr-deref in ufxusbprobe I received a report of a null-ptr-deref issue: Bug: NULL pointer dereferencing in the kernel; address: 0000000000000000 … RIP: 0010:fbdestroymodelist+0x38/0x100 … Call...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtw89: Fixed a potential race condition between napiinit and napienable. A race condition can occur if netdev is registered, but NAPI is not initialized yet. Meanwhile, the user space starts the netdev that will enable...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: Initialize the work queue before error checks. A kernel warning is prevented when the netconsole setup fails on devices with the IFFDISABLENETPOLL flag. The warning occurs because the cleanup process attempts to...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Fork: Defer linking of the vma file until vma is fully initialized. Thorvald reported a WARNING 1. The root cause of the issue lies in a race condition: - CPU 1: fork; - CPU 2: hugetlbfsfallocate; - dupmmap: hugetlbfspunchhole...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer The syzbot report indicates a kernel vulnerability at the vcsread function 1. The buffer can be read immediately after the resizing operation. Initialize the buffer using kzalloc...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: bpfiterscxdsqnew should always initialize the iterator. BPF programs may call next and destroy on BPF iterators even after new returns an error value e.g., the bpfforeach macro ignores error returns from new...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The “sample” local struct is used to push data to user space from a triggered buffer. However, there is a flaw in the structure, specifically between the temperatur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In the function ov5647initcontrols, we call v4l2getsubdevdata, but this initialization is actually done by v4l2i2csubdevinit within the probe function. Currently, this happens...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The sock code: The protection check for psock vs. ULP needs to be reimplemented. Commit 8a59f9d1e3d4 “sock: Introduce sk-skprot-psockupdateskprot” moved the inetcskhasulpsk check from skpsockinit to the new tcpbpfupdateproto...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch – Initialize work before device registration. Syzbot has reported a warning in flushwork. This warning occurs due to work-func == NULL, which indicates that work initialization was missed. This issue can occur...