MINI-FF5F-X2FR-4VXM

Bulletin has no description...

GHSA-XVP4-PHQJ-CJR3 phpMyFAQ: IDOR Account Takeover

Summary An Insecure Direct Object Reference IDOR vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts userId=1, without authorization verification. An attacker with a low-privilege admin account can...

phpMyFAQ: IDOR Account Takeover

Summary An Insecure Direct Object Reference IDOR vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any user account, including SuperAdmin accounts userId=1, without authorization verification. An attacker with a low-privilege admin account can...

CVE-2026-22554

creationtimestamp| type| source ---|---|--- 2026-05-20 14:30:05+00:00| seen| https://infosec.place/objects/052b99be-ded8-4ed2-89eb-9aad7bf23954 2026-05-20 15:43:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcanqmdzj2o 2026-05-20 20:00:53+00:00| seen|...

CVE-2026-22314

creationtimestamp| type| source ---|---|--- 2026-05-20 12:43:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmbwm7vwyn2o...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 security and extras update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a security impact of...

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.12 Security Update

New Red Hat build of Keycloak 26.4.12 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.12 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...

RHSA-2026:19069 Red Hat Security Advisory: openssh security update

Bulletin has no description...

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via the obj.expr dynamic attribute syntax and MacroReferenceExpression::compile. An attacker can execute arbitrary PHP code by supplying a...

Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

More info at https://symfony.com/cve-2026-46640...

GHSA-RHXG-9CM5-J9VX vulnerabilities

Vulnerabilities for packages: chromium...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: think-lmi: Fixed reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned, and that reference needs to be disposed of using kobjectput. The validation of the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Redundant cssput calls have been removed from scxcgroupinit. The iterator cssforeachdescendantpre iterates through the cgroup hierarchy under cgrouplock. It does not increment the reference counts on css structs that ar...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gro: fixed ownership transfer If packets are received using GRO, they may be segmented later on and continue their journey within the stack. In skbSegmentlist, these segments can be reused as they are. This is a problem because...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fixed the issue with triggering references. The mma8452 driver directly assigns a trigger to the struct iiodev. When the IIO core uses this trigger, it calls iiotriggerput to decrement the reference count by 1...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed reference state management for synchronous callbacks Currently, the verifier verifies callback functions both synchronous and asynchronous as if they would be executed only once. The next instruction to be explored ...

Astra Linux - уязвимость в firefox, thunderbird

If an AlignedBuffer is assigned to itself, the subsequent self-move operation may lead to an incorrect reference count, potentially causing a use-after-free issue. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fixed the crash caused by hcisuspendsync. If hciunregisterdev frees the hcidev object, but hcisuspendnotifier may still access it, this can cause the program to crash. Here is the call trace: 102152.653246 Call Trace:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fixed OF node reference count leakage. Automated reviews identified a leakage of the OF node reference count when checking whether the ‘leds’ child node exists. The Call ofputnode function is used to correct...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: EROFS: Fix for incorrect early exits in invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early exits, leading to folio reference leaks. However, this does not cause syste...