CVE-2026-5946

Summary of CVE-2026-5946 (CVE entry for named in BIND) : The issue involves the DNS message handling in the BIND 9 recursive resolver (named) when processing DNS classes other than IN (e.g., CHAOS/HESIOD) or non-IN data in questions. According to the sources, specially crafted requests reaching c...

Astra Linux - уязвимость в thunderbird

If a Thunderbird user responded to a crafted HTML email containing a meta tag, where the meta tag had the http-equiv="refresh" attribute, and the content attribute specified a URL, then Thunderbird would initiate a network request to that URL, regardless of any configuration settings that block...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: igc: Fixed page faults in handling XDP TX timestamps. If an XDP application that requested TX timestamping shuts down while the link of the interface in use is still active, the following kernel-related issues are reported:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for corruption during online resizing We observed corruption during online resizing of a file system that is larger than 16 TiB and has a 4k block size. When there are more than 2^32 blocks, resizeinode is turned off by...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid potential memory corruption in updateiostatlatency. A sanity check for iotype was added to prevent potential memory corruption. This addresses the compile error below: fs/f2fs/iostat.c:231...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a slab-out-of-bounds read in hdrdeletede. Here is a bug report from syzbot: Bug: KASAN: Slab-out-of-bounds in hdrdeletede+0xe0/0x150, fs/ntfs3/index.c:806. A read of size 16842960 was performed at address...

CVE-2026-39467

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0...

[SECURITY] Fedora 44 Update: kernel-7.0.9-202.fc44

The kernel meta package...

[SECURITY] Fedora 43 Update: kernel-7.0.9-102.fc43

The kernel meta package...

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

GHSA-FX6J-W5W5-H468 Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

Moderate: Red Hat Security Advisory: luksmeta security update

An update for luksmeta is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVE-2026-8727

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

EUVD-2026-30854

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

PT-2026-41867

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

TYPO3 Extension Site Crawler 代码问题漏洞

TYPO3 Extension Site Crawler is an open-source extension for TYPO3 that handles site crawling and indexing tasks. There are code vulnerabilities in TYPO3 Extension Site Crawler; these vulnerabilities stem from the direct deserialization of the X-T3Crawler-Meta response header, which may lead to...

CVE-2026-44557

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...

Off-by-one Error

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Off-by-one Error

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Off-by-one Error

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...