Alibaba Sentinel - Server-side request forgery (SSRF)

There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery SSRF author:...

UBUNTU-CVE-2026-53170

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal missing setup. The only setter is NPUSETDMA0LEN; if userspace omits this...

EUVD-2026-39523

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

CVE-2026-53170

Concrete details confirm a vulnerability in the Linux kernel accel/ethosu driver: cmd_state_init() leaves dma->len at U64_MAX to signal uninitialized length, and dma_length() can wrap a positive stride to a small value, causing a bypass of region checks in ethosu_job.c when userspace omits the...

CVE-2026-53170 accel/ethosu: reject DMA commands with uninitialized length

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal missing setup. The only setter is NPUSETDMA0LEN; if userspace omits this...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Prevent out-of-bounds access The while loop in raspberrypidiscoverclocks relies on the assumption that the ID of the last clock element is zero. Since this data comes from the Videocore firmware, and it does not...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Added a sentinel to the quirks table. The current driver lacks a sentinel in the struct socdeviceattribute array, which causes a buffer overflow error when the socdevicematchmt7621pciequirksmatch function is called...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915/perf: added a sentinel to xehpoabcounters. Arrays passed to reginrangetable should end with an empty record. The patch fixes a bug detected by KASAN with the following signature: BUG: KASAN: global-out-of-bounds in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: axp20xadc: Add a missing sentinel to the AXP717 ADC channel maps. The AXP717 ADC channel maps lacks a sentinel entry at the end. This causes a KASAN warning. Please add the missing sentinel entry...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: phy: ralink: mt7621-pci: add sentinel to quirks table By fixing socdevattr to register the SOC as a device, the kernel will encounter an OOPs error in socdevicematchattr. This quirks test was introduced in the staging driver in t...

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. The redis-cli command-line tool and the redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This issue arises due to a vulnerability in the hiredis...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: Errata: Add missing sentinel entries to Spectre-BHB MIDR arrays The commit a5951389e58d arm64: errata: Add newer ARM cores to the spectrebhbloopaffected lists added some additional CPUs to the Spectre-BHB workaround. This...

PT-2026-48482

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 2.0.0 through 2.0.13 Description Private services configured with EnableShowInService: false are enumerable, leading to the leak of service names and timing data. While the main service-listing endpoint correctly...

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

MAL-2026-5431 Malicious code in @webd-infra/query-designer-domain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c7713f23c6a0044172532693bc43aee0d785a980fc5c83ba1f773af9082e3b3 The package's package.json declares its only dependency ltidisafe as a direct tarball URL:...

Malicious code in @demica/shared (npm)

Note: This report is updated by a verification record Dep-confusion squat of internal @demica/shared at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913;...

Malicious code in @demica/resources (npm)

Note: This report is updated by a verification record Dep-confusion squat of internal @demica/resources at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913;...

MAL-2026-5349 Malicious code in @demica/core (npm)

Dep-confusion squat of internal @demica/core at sentinel high version 99.99.100 + auto-exec postinstall canary.js beaconing to RAW IP 157.230.17.236:80/dc. Sentinel-high-version + auto-exec beacon = MALICIOUS per operator policy c913; "authorized benign canary" framing does NOT downgrade, raw-IP...

SUSE CVE-2026-46307

In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out-of-bounds access as shown by the UBSAN kernel message: UBSAN: array-index-out-of-bounds in...

UBUNTU-CVE-2026-46307

In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out-of-bounds access as shown by the UBSAN kernel message: UBSAN: array-index-out-of-bounds in...