CVE-2026-42080 PPTAgent: Arbitrary File Write via `save_generated_slides`

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...

EUVD-2026-26989

Memory corruption while processing IOCTL command when device is in power-save state...

CVE-2026-25266

Memory corruption while processing IOCTL command when device is in power-save state...

CVE-2026-25266

CVE-2026-25266 describes memory corruption in the IOCTL handling path when the device is in power-save state. The entry notes a local issue with low attack complexity and low privileges required, no user interaction, and a high impact on confidentiality, integrity, and availability per CVSS 3.1 (...

CVE-2026-25266 Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state...

CVE-2026-25266 Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state...

Malicious code in @t-in-one/save_application_hid_to_storage (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

PPTAgent 路径遍历漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the savegeneratedslides function, which could allo...

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Vulnerabilities exist in versions of OpenC3 COSMOS prior to 6.10.5 and 7.0.0-rc3. These vulnerabilities stem from design flaws in the savetoolconfig function, allowing the ability to save tool configuration files at any position...

PT-2026-36849

CVE-2026-25266 Memory corruption while processing IOCTL command when device is in power-save state. https://t.co/jBvDx6qfre...

PT-2026-36858

Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An arbitrary file write issue exists in this agentic framework for reflective PowerPoint generation. The flaw occurs through the save generated slides function. Recommendations Update to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the initialization of the ID register for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Reworked the handling of long task execution when adding/ deleting entries. When adding or deleting a large number of elements in one step using ipset, it may take considerable time, and soft lockup errors can...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolved TX timeout error in power save stress test This fixes the TX timeout issue that occurred during a stress test run on btnxpuart for several hours. As a result, the interval between two HCI commands...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RISCV: Vector: Fixed the context saving/restoring with xtheadvector. Previously, only v0-v7 were correctly saved/restored, and the context of v8-v31 was corrupted. Now, v8-v31 are correctly saved/restored to avoid breaking the us...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/fpu: Fixed the copyxstatetouabi function to correctly copy init states. When an extended state component is not present in fpstate, but is present in init state, the function copies data from initfpstate using copyfeature...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fixed a memory leak during the transition from D3hot to D0 If the variable ‘vfiopcicoredevice::needspmrestore’ is set i.e., the PCI device does not have the NoSoftReset bit set in its PMCSR configuration register, then...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Warns when a triple fault assertion never “escapes” from L2 The warnings are removed because they perform a sanity check that ensures KVM never allows a triple fault in L2 to escape and end up in L1. In normal operation...

Astra Linux – Vulnerability in Python-Django

In Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1, directory traversal is allowed if the filenames are passed to it directly...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: State corruption has been prevented in fpurestoresig. The non-compacted slowpath uses copyfromuser to copy the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entire...