Lucene search
K

252661 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Memory: Samsung; Exynos5422-DMC: The refcount leak in ofgetdramtimings has been fixed. ofparsephandle returns a node pointer with a refcount incremented. We should use ofnodeput on it when it is no longer needed. This function...

5.5CVSS5.8AI score0.0024EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: Prevent NULL dereferencing in cifscomposemountoptions. The optional @ref parameter may contain a NULL nodename. Therefore, prevent dereferencing it in cifscomposemountoptions. Address-Coverity: 1476408 „Explicit NULL...

5.5CVSS5.1AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: bq257xx: A leak in the device node reference occurred in bq257xxregdtparsegpio. In bq257xxregdtparsegpio, if the subchild is not successfully retrieved, the function returns without calling nodeputchild, resulting in a...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Error handling was added in xhcimapurbfordma. Currently, xhcimapurbfordma creates a temporary buffer and copies the SG list to the new linear buffer. However, if kzallocnode fails, the call to sgpcopytobuffer may lead ...

5.5CVSS6AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cgroup: Use separate source/destination nodes when preloading csssets for migration. Each cssset is associated with its corresponding tasks. When moving tasks between csssets during a migration, we need to keep the source and...

7.8CVSS5.9AI score0.00274EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libraw

In LibRaw, there is an out-of-bounds write vulnerability within the "newnode" function libraw\src\x3f\x3futilspatched.cpp that can be triggered via a crafted X3F file...

5.5CVSS6AI score0.00369EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2 – Fixed a refcount leak issue in graphgettype. We should call ofnodeput for the reference before its replacement, since the reference was returned by ofgetparent, which increased the refcount. Additionally...

5.5CVSS5.2AI score0.00195EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fixed a potential memory leak in “addwidgetnode”. Since “kobjectadd” may allocate memory for “kobject-name” when returning an error. In this function, if the call to “kobjectadd” fails, the memory is not freed...

5.5CVSS6.1AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in node-minimatch

Minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and earlier are vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that does not...

8.7CVSS6.5AI score0.00519EPSS
Exploits1References2
OSV
OSV
added 2026/06/19 8:8 a.m.7 views

MAL-2026-6200 Malicious code in assert-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/19 5:10 a.m.6 views

MAL-2026-6191 Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:10 a.m.14 views

Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51022

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Node.js version 26 Description A flaw in the Node.js HTTP Agent allows a client to accept a response as valid even if it was sent before the client transmitted the request. This issue has caused real-world...

4.3CVSS5.8AI score0.00359EPSS
Exploits1References82
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.36 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS0.0021EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.76 views

CVE-2026-12048

CVE-2026-12048 affects pgAdmin 4 (versions 6.0 up to 9.16). Stored XSS occurs when untrusted server-returned text is passed through html-react-parser in multiple user-facing sinks (toasts, dialogs, explain visualiser, SQL editor prompts, etc.), allowing an attacker-controlled PostgreSQL server to...

9.3CVSS5.4AI score0.0021EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/18 10:31 p.m.9 views

MAL-2026-6143 Malicious code in node-vfs-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 10:31 p.m.12 views

Malicious code in node-vfs-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb213e524ed75dcb54961d6d2ee9431ea6a32f4fdcb9d777bc260102920d81b On install, postinstall.js executes automatically and exfiltrates host reconnaissance data to attacker-controlled subdomains on oastify.com Burp...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 10:28 p.m.14 views

Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/18 7:16 p.m.3 views

ALPINE-CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS6.1AI score0.00445EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 7:16 p.m.5 views

UBUNTU-CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS6AI score0.00445EPSS
Exploits0References3
Rows per page
Query Builder