1088 matches found

Nuclei
added 8 hours ago, 11 views

WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

CVSS 7.2 | AI score 5.9 | EPSS 0.00623
Exploits: 0 | References: 3

Nuclei
added 8 hours ago, 15 views

WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting

WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

CVSS 6.1 | AI score 6.4 | EPSS 0.00902
Exploits: 2 | References: 3

AstraLinux
added 6 days ago, 11 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach Syzbot reported a use-after-free in tun_detach. This causes a call trace like the following: ================================================================== BUG: KASAN: use-after-free i...

CVSS 7.8 | AI score 6.1 | EPSS 0.00256
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed a use-after-free in the mshv_map_user_memory error path. In the error path of mshv_map_user_memory, calling vfree directly on the region causes the MMU notifier to remain registered. When the user space later unmaps the...

CVSS 7.8 | AI score 5.3 | EPSS 0.0012
Exploits: 0 | References: 1

AstraLinux
added 6 days ago, 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igb: A potential invalid memory access issue has been fixed in igb_init_module. The pci_register_driver function may fail. When this occurs, the dca_notifier needs to be unregistered. Otherwise, the dca_notifier can be called when igb...

CVSS 7.1 | AI score 6.1 | EPSS 0.00231
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Media: v4l: async: Fixed a NULL pointer dereferencing issue in the process of creating auxiliary links. In v4l2_async_create_ancillary_links, auxiliary links are created for lens and flash sub-devices. These are links between...

CVSS 5.5 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mac802154: fixed the missing INIT_LIST_HEAD in ieee802154_if_add. The kernel fault injection test reports a NULL pointer dereference as follows: BUG: NULL pointer dereferencing in the kernel; address: 0000000000000008 RIP:...

CVSS 5.5 | AI score 5.5 | EPSS 0.0028
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networks: Fixed a stack overflow issue when LRO is disabled for virtual interfaces. When the features of a virtual interface are updated, the updated features are synchronized with its underlying interfaces. This synchronization...

AI score 5.4 | EPSS 0.00191
Exploits: 0 | References: 1

AstraLinux
added 6 days ago, 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a crash that occurs when re-plugging CSR fake controllers. It seems that fake CSR 5.0 clones can cause the suspend notifier to be registered twice, resulting in the following kernel panic: 71.986122 Call Trace...

CVSS 5.5 | AI score 6.4 | EPSS 0.00203
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: Rejects attempts to consume or refresh inactive gfn_to_pfn_cache. kvm_gpc_check and kvm_gpc_refresh are rejected if the cache is inactive. Not checking the active flag during refresh is particularly problematic, as KVM may end u...

CVSS 7.8 | AI score 6.1 | EPSS 0.00157
Exploits: 0 | References: 1

AstraLinux
added 6 days ago, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init The struct v4l2_async_notifier contains several list_head members, but only waiting_list and done_list are initialized. The notifier_entry was left “zeroed”, resulting in an uninitialized...

CVSS 5.5 | AI score 5.1 | EPSS 0.00211
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: clk: A memory leak was fixed in devm_clk_notifier_register. devm_clk_notifier_register allocates a device resource for the clk notifier, but it does not register that resource with the device. As a result, the notifier remains...

CVSS 5.5 | AI score 5.6 | EPSS 0.00132
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: lib: cpu_rmap: Avoid using the function after freeing entries in the rmap->obj array. When calling irq_set_affinity_notifier with NULL as the notify argument, it will cause the glue pointer in the corresponding array entry to be freed...

CVSS 7.8 | AI score 5.3 | EPSS 0.00146
Exploits: 0 | References: 2

AstraLinux
added 6 days ago, 1 view

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fixed a reference count leak in ppr_notifier. According to the comments for pci_get_domain_bus_and_slot, it returns a PCI device with a reference count that increments after use. The caller must decrement the reference count...

CVSS 5.5 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 2

NVD
added 6 days ago, 7 views

CVE-2026-12048

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

CVSS 9.3 | EPSS 0.00312
Exploits: 0 | References: 2

OSV
added 2026/06/15 12:12 p.m., 5 views

USN-8405-2 cups regression

USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that caused CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during...

AI score 6.3
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/05 7:12 p.m., 7 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

CVSS 9.1 | AI score 5.6 | EPSS 0.00522
Exploits: 0 | References: 1

NVD
added 2026/05/28 10:16 a.m., 26 views

CVE-2026-46113

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

CVSS 8.8 | EPSS 0.00126
Exploits: 0 | References: 6

SUSE CVE
added 2026/05/28 3:55 a.m., 9 views

SUSE CVE-2026-45973

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

CVSS 5.5 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/28 1:32 a.m., 9 views

CVE-2026-45917

A flaw was found in the Linux kernel's IP Virtual Server IPVS component. A race condition exists between the network device notifier and the destination cache when a device is shutting down. This can lead to a leaked device reference, potentially causing system instability or a denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 4