CVE-2026-48042

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O100K nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...

CVE-2026-48042

Envoy (open source edge and service proxy) contains a stack overflow vulnerability in the destructor of a JSON object when processing extremely nested structures. Affected versions are prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1. The issue is fixed in those same release lines (upgrade to 1.35.11...

CVE-2026-53193

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA timer component. This vulnerability occurs when a timer object is freed while timer instances are still associated with it, particularly when userspace-driven timers are involved. A local user can exploit this by...

EUVD-2026-39596

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

EUVD-2025-210344

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

CVE-2026-53054

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix VMBIND UNMAP locking Wrong argument meant that the objs involved in UNMAP ops were not always getting locked. Since NOSHARE objs share a common resv with the VM which is always locked this would only show up with...

EUVD-2026-38922

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix VMBIND UNMAP locking Wrong argument meant that the objs involved in UNMAP ops were not always getting locked. Since NOSHARE objs share a common resv with the VM which is always locked this would only show up with...

CVE-2026-53054 drm/msm: Fix VM_BIND UNMAP locking

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix VMBIND UNMAP locking Wrong argument meant that the objs involved in UNMAP ops were not always getting locked. Since NOSHARE objs share a common resv with the VM which is always locked this would only show up with...

openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

CVE-2026-47209

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows an attacker to bypass security restrictions by writing dangerous cross-realm Symbol keys to host objects. This can lead to a compromise of the integrity of the host system, potentially enabli...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – A memory leak occurred during the stateful object update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The -init function wa...

Astra Linux – Vulnerability in Firefox

An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by exploiting a bug related to range-based bounds checks. This vulnerability affects Firefox versions prior to 124.0.1...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: slub: Avoid waking up kswapd in settrackprepare settrackprepare may cause lock recursion. The issue arises because it is called from hrtimerstartrangens, which holds percpuhrtimerbasesn.lock. However, when...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer dereferencing for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, for example, because it has been evicted. When devcoredump attempts to read the contents...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure The xesyncentryparse function can allocate references such as syncobj, fence, chain fence“, or user fence before encountering later failure paths. Several of those...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS Crucible + recent Mesa sometimes causes the following issue: GEMBUGONnumccsblks NUMCCSBLKSPERXFER It seems that this issue can also be triggered with gemlmemswapping, if we modify the tests ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe: Do not allow eviction of BOs within the same VM in an array of VM binds An array of VM binds may potentially evict other buffer objects BOs within the same VM under certain conditions, which could lead to NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed handling of partial GPU mapping of BOs This commit fixes the bug in handling partial mapping of buffer objects to the GPU, which caused kernel warnings. Panthor did not handle correctly the case where the...