Astra Linux - уязвимость в poppler-22, poppler

In Poppler 22.07.0, the PDFDoc::savePageAs function in PDFDoc.c allows attackers to cause a denial-of-service attack the application crashes with SIGABRT by manipulating a PDF file in which the xref data structure is improperly handled during the getCatalog process. Note that this vulnerability i...

CVE-2026-6395

The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2cadmin function, combined with missing inp...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021607 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spinunlockirqrestore called with IRQs enabled Fix missuse of...

CLSA-2026-1779122764 nano: Fix of CVE-2024-5742

CVE-2024-5742: emergencysave applied chmod/chown to a path after the descriptor was closed, allowing a symlink swap to redirect the ownership change to an attacker-controlled file - Backport of upstream commit 5e7a3c2e from nano v8.0, adapted to the 5.6.1 codebase writefile signature predates the...

CVE-2023-31316

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

CVE-2023-31316

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

CVE-2023-31316

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

EUVD-2023-35627

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

CVE-2023-31316

CVE-2023-31316 affects the AMD Secure Processor (ASP) and Video Core Next (VCN) firmware. The root cause is improper preservation of hardware configuration state during a power save/restore operation, allowing a local attacker who can write outside the trusted memory range (TMR) to alter VCN firm...

PT-2026-41240

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor ASP could allow an attacker with the ability to write outside the trusted memory range TMR to change the execution flow of the Video Core Next VCN firmware potentially...

CVE-2026-3290

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

CVE-2026-3290

CVE-2026-3290 affects the HRNG in the RS9116. When power-save mode is enabled, timing limitations produce predictable random values, as described in the connected records. The CVSS 4.0 vector indicates high impact on confidentiality and integrity with adjacent access and no privileges, and passiv...

CVE-2026-3290 Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

EUVD-2026-30381

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

CVE-2026-3290 Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values...

CVE-2026-45147 SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

EUVD-2026-30357

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

CVE-2026-6510

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwarsaverecipe AJAX handler. This makes it possible for unauthenticated...

CVE-2026-6510 InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe'

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwarsaverecipe AJAX handler. This makes it possible for unauthenticated...

CVE-2026-6510

The CVE-2026-6510 entry describes a privilege-escalation flaw in the InfusedWoo Pro WordPress plugin. Affected component: iwar_save_recipe() AJAX handler; root cause: missing nonce verification and capability checks. Impact: unauthenticated attackers can craft a URL to pair an HTTP post trigger w...