Astra Linux - уязвимость в libjettison-java

An infinite recursion occurs in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This results in a StackOverflowError exception being thrown...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed a reference leak in amdgpuuserqwaitioctl. Also, removed the reference to syncobj and timeline fence when aborting the ioctl, as it caused issues due to the output array being too small. This issue was...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: Removed the erroneous “put” operation in the error path. The drmgemshmemmmap function does not handle this reference properly, resulting in the GEM object being freed prematurely, leading to a “use-after-free...

Astra Linux - уязвимость в wayland

An internal reference count is maintained on the buffer pool; this count increments every time a new buffer is created from the pool. The reference count is stored as an integer. On LP64 systems, this can lead to an overflow if the client creates a large number of wlshm buffer objects, or if it...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-sysman: Fixed reference leak issue. If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned. This means that we need to handle this situation appropriately. In such cases,...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: think-lmi: Fixed reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned, and that reference needs to be disposed of using kobjectput. The validation of the...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...

EUVD-2026-31063

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

CVE-2026-6566

CVE-2026-6566 affects WordPress plugin NextGEN Gallery (Photo Gallery, Sliders, Proofing and Themes) up to version 4.2.0. The vulnerability is an Insecure Direct Object Reference in the image deletion REST flow: DELETE /imagely/v1/images/{id} only enforces NextGEN Manage gallery permission and do...

CGA-5QMW-JGP5-G755

Bulletin has no description...

CGA-3WCR-XVW9-78HH

Bulletin has no description...

CGA-W9PF-V2X9-WFC2

Bulletin has no description...

CGA-754G-VC6G-2HXM

Bulletin has no description...

CVE-2026-43617

creationtimestamp| type| source ---|---|--- 2026-05-20 03:07:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmawgue5xu2p 2026-05-20 04:18:43+00:00| seen| https://vulnerability.circl.lu/bundle/98dfc241-f74a-4ad3-9b5d-a312ab6e6c87 2026-05-20 09:58:23+00:00| seen|...

PT-2026-44382

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.3 Description An Insecure Direct Object Reference IDOR exists in the Admin API, which allows authenticated administrators to change the password of any user account, including SuperAdmin accounts, without proper...

PT-2026-42112

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021636 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: fix sk refcount leaks We must put 'sk' reference before returning. Tenable...