Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Pages may be leaked if setmemoryencrypted fails. In CoCo VMs, it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail, resulting in an error and the shared of the memory...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: Do not clobber swpentryt during THP split. The following issue was observed when running stress mmap since the commit b653db77350c: “mm: Clear page-private when splitting or migrating a page.” Watchdog: BUG: Soft...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: accounts for free pages to prevent infinite loops in throttledirectreclaim. The task sometimes continues looping in throttledirectreclaim because allowdirectreclaimpgdat keeps returning false. The stack trace is as...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: perf/core: Abrupt exit if the requested AUX area is out of bounds. When using perf-record with a large AUX area, for example 4GB, the following error occurs: bash perf record -C 0 -m ,4G -e armspe0// -- sleep 1 Failed to mmap wit...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

Linux block and network PV device frontends do not zero memory regions before sharing them with the backend CVE-2022-26365, CVE-2022-33740. Additionally, the granularity of the grant table does not allow sharing smaller than a 4K page, resulting in unrelated data residing in the same 4K page as...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm: pagealloc: moving the mlocked flag to freepagesprepare Syzbot reported a problem with bad page state caused by a page being freed using freepage, while the mlocked flag is still present during the freepagesprepare stage: BUG:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bootmem: The vmemmap pages are removed from kmemleak when freeing the page. These pages were previously marked as part of kmemleak when allocated from a memblock. Removing them from kmemleak ensures that errors related to thes...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/hugetlb: restored global reservations to the subpool The commit a833a693a490 "mm: hugetlb: fixed an incorrect fallback for the subpool" fixed an underflow error caused by incorrectly attributing globally requested pages to...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv4, ipv6: Fixed the handling of transhdrlen in ip,6appenddata. Including transhdrlen in the packet length is a problem when the packet is partially filled e.g., a sendMSGMORE operation occurred previously when appending to a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Free pages with an error in btrfsuringreadextent In this function, the ‘pages’ object is never freed, in the hope that it will be picked up by btrfsuringreadfinished whenever that function is executed in the future. But...

CVE-2026-11982

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

CVE-2026-11982

Technical details about this CVE are not publicly available in the provided documents. Monitor for updates and refer to the cited references for any forthcoming specifics.

EUVD-2026-37916

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

CVE-2026-11982 Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

PT-2026-50696

Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 Description A stored cross-site scripting XSS issue exists in the Admin2 Pages API save flow due to a missing XSS safety check during partial validation. Stored XSS occurs when an...

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

Server-side Request Forgery (SSRF)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the prerenderedErrorPageFetch. An attacker can access sensitive information or interact with...

PhpMyAdmin <4.8.2 - Local File Inclusion

PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include view and potentially execute files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted...