2178 matches found

EUVD
added last week, 6 views

EUVD-2026-38523

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2...

CVSS 4 | AI score 5.9 | EPSS 0.00117
Exploits 1 | References 2
CVE
added last week, 8 views

CVE-2026-57053

CVE-2026-57053 affects GNU libidn before 1.44, with out-of-bounds reads of uninitialized memory in the ToUnicode APIs due to mishandling in idna_to_unicode_internal; the vulnerable code is not present in libidn2. The CVSSv3.1 base score is 4.0 (Medium), with LOCAL attack vector, HIGH complexity, ...

CVSS 4 | AI score 5.9 | EPSS 0.00117
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
added 2026/06/23 12:0 a.m., 9 views

PT-2026-51573

Name of the Vulnerable Software and Affected Versions: GNU libidn versions prior to 1.44. Description: An issue exists in the ToUnicode APIs due to mishandling in the idna_to_unicode_internal function, which can lead to out-of-bounds reads of uninitialized memory. Recommendations: Update to version...

CVSS 4 | AI score 5.8 | EPSS 0.00117
Exploits 1 | References 5
ATTACKERKB
added 2026/06/22 7:37 a.m., 8 views

CVE-2026-44911

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

CVSS 2.3 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 2 | Affected Software 1
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before version 6.4.10. There is a use-after-free issue, as the children of a sk object are handled incorrectly...

CVSS 7.8 | AI score 6.3 | EPSS 0.0056
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in TeXeVe-bin

In axohelp.c, before version 1.3 in axohelp, and in axodraw2 before version 2.1.1b, sprintf is handled incorrectly. This issue is present in distributions like TeXLive and other collections...

CVSS 9.8 | AI score 7.3 | EPSS 0.01928
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in python-psutil

psutil also known as python-psutil from version 5.6.5 onwards may have a double-free issue. This issue occurs due to improper handling of reference counts within a while loop or for loop, which converts system data into a Python object...

CVSS 7.5 | AI score 6.9 | EPSS 0.03522
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB before version 10.6.2 allows an application to crash due to improper handling of a pushdown from a HAVING clause to a WHERE clause...

CVSS 5.5 | AI score 7.1 | EPSS 0.00391
Exploits 1 | References 2
Qualys Blog
added 2026/06/15 4:0 p.m., 12 views

What Changed in OWASP Top 10 2025 and Recommendations for Each Category

Key Takeaways: 1. The 2025 list introduces two new categories – Software Supply Chain Failures (A03) and Mishandling of Exceptional Conditions (A10) – reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...

AI score 5.9
Exploits 0
CNNVD
added 2026/06/11 12:0 a.m., 14 views

Apple macOS Link Following Vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Apple macOS Sequoia 15.4 and earlier versions contain a link following vulnerability, which is caused by improper handling of symbolic links. This vulnerability could allow applications to...

CVSS 5.5 | AI score 5.3 | EPSS 0.0014
Exploits 0 | References 1
RedhatCVE
added 2026/06/06 12:43 p.m., 13 views

CVE-2026-21017

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...

CVSS 5.5 | AI score 5.4 | EPSS 0.00093
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:0 a.m., 6 views

Libwebsockets Security Vulnerability

Libwebsockets is a standardized network library open-sourced by the lws-team. Versions of Libwebsockets 4.5.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the lwssshParseplaintext function in the SSH Protocol Handler component’s plugins/protocollwssshbase/sshd.c...

CVSS 6.9 | AI score 5.3 | EPSS 0.00429
Exploits 0 | References 8
Hacker One
added 2026/05/30 7:56 a.m., 17 views

curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master

Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 (url: url_match_destination fix), curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPT_USE_SSL =...

AI score 5.8
Exploits 0
CVE
added 2026/05/26 5:24 p.m., 38 views

CVE-2026-24194

CVE-2026-24194 affects the NVIDIA GPU Display Driver for Linux. It is a vulnerability in a kernel-mode layer handler that can allow improper permission handling. Exploitation could lead to denial of service, privilege escalation, information disclosure, data tampering, and code execution. The iss...

CVSS 7.8 | AI score 5.9 | EPSS 0.00152
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2026/05/26 8:19 a.m., 10 views

EUVD-2026-31804

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

CVSS 6.5 | AI score 5.8 | EPSS 0.00171
Exploits 0 | References 1
VulnCheck KEV
added 2026/05/21 12:0 a.m., 29 views

VulnCheck KEV: CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output,...

CVSS 10 | AI score 5.8 | EPSS 0.18914
In wild | Exploits 1 | References 5
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux – Vulnerability in poppler-22, poppler

In Poppler 22.07.0, the PDFDoc::savePageAs function in PDFDoc.c allows attackers to cause a denial of service (the application crashes with SIGABRT) by manipulating a PDF file in which the xref data structure is improperly handled during the getCatalog process. Note that this vulnerability i...

CVSS 6.5 | AI score 6.8 | EPSS 0.00921
Exploits 1 | References 2
AstraLinux
added 2026/05/20 5:53 a.m., 13 views

Astra Linux – Vulnerability in Linux

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c of the Linux kernel, up to version 5.11.8 on some Haswell CPUs, user-space applications such as perf-fuzzer can cause a system crash due to improper handling of the PEBS status in a PEBS record, also known as CID-d88d05a9e0b6...

CVSS 5.5 | AI score 6.5 | EPSS 0.00385
Exploits 0 | References 1
Vulnrichment
added 2026/05/20 12:0 a.m., 9 views

CVE-2026-44926

InfoScale CmdServer before 7.4.2 mishandles access control...

AI score 5.8 | EPSS 0.00375
Exploits 0 | References 2
Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-psutil (UTSA-2026-017488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017488 advisory. psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into ...

CVSS 7.5 | AI score 5.8 | EPSS 0.03522
Exploits 0 | References 4