Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)

Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix = 173 and = 173 and 178, this vulnerability can be exploited only if you provide a valid Staging Service username default: admin impact: | Unauthenticated attackers can bypass...

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

CVE-2026-53179

In the Linux kernel (staging rtl8723bs), a buffer over-read was fixed in rtw_update_protection: a pointer offset into the ies buffer was used with the full ie_length, allowing over-read. The vulnerability affected the kernel's handling of 802.11 IEs in that path; the patch corrects the length usa...

MAL-2026-6311 Malicious code in @thymelab/logfx (npm)

@thymelab/logfx malicious version 2.15.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

MAL-2026-6210 Malicious code in @apexcraft/nano-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834writefrequency, clkgetrate may return 0. In such cases, the call to ad9834calcfreqreg will result in a division by zero. Checking if fout clkfreq / 2 do...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: A memory leak has been fixed in imufmt. We are no longer losing a reference to an allocated memory when trying to use it. We’ve changed the order of the checks to avoid that issue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed the issue with cb7210 pcmcia. The pcmciadriver struct still used the old initialization of the .name field in the drv field. This caused a NULL pointer dereferencing issue in the strcmp function called from...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs – fixed a potential memory leak in rtwinitdrvsw. In rtwinitdrvsw, various initialization functions are called to populate the padapter structure, and certain checks are performed on their return values. However...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Staging: rtl8712: fixed a use-after-free in rtl8712dlfw Syzbot reported a use-after-free in rtl8712dlfw. The issue occurred due to a race condition between r871xudevremove and dondoopen callbacks. It’s clear from the crash log...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Staging: vmeuser: Fixed a potential UAF in tsi148dmalistadd. A match report warning is as follows: drivers/staging/vmeuser/vmetsi148.c:1757 tsi148dmalistadd warning: “&entry-list” was not removed from list. In tsi148dmalistadd, t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Staging: media: max96712: Fixed a kernel oop when removing the module. The following kernel oop occurred when attempting to remove the max96712 module: Unable to handle the kernel paging request at the virtual address...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the rkvdecremove function in drivers/staging/media/rkvdec/rkvdec.c...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Staging: rtl8712 – fixed bugs related to use after freeing memory. The Read/WriteMACREG callbacks are set to NULL, so the read/writemacreghdl functions do nothing other than freeing the “pcmd” pointer. This results in a...

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

DEBIAN-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

UBUNTU-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...