Intelbras Switch - Information Disclosure

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. id: CVE-2023-36144 info: name: Intelbras Switch - Information Disclosure author:...

EUVD-2026-39858

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

MSNSwitch Firmware MNT.2408 - Authentication Bypass

MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. id: CVE-2022-32429 info: name:...

CVE-2026-53201

CVE-2026-53201 affects the Linux kernel, with multiple sources (NVD, OSV, Debian security tracker, Ubuntu, etc.) describing a fix that reverts a prior optimization. The issue arises because the idle-skip optimization in the DRM/xe path can bypass GuC suspend, potentially skipping the context-swit...

CVE-2026-53201 Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend"

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/xe: Skip exec queue schedule toggle if queue is idle during suspend" This reverts commit 8533051ce92015e9cc6f75e0d52119b9d91610b6. The idle-skip optimization bypasses GuC suspend, so the GPU may not perform the contex...

EUVD-2026-39156

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...

EUVD-2026-38879

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

CVE-2026-53011

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

CVE-2026-53011

The CVE-2026-53011 issue affects the Linux kernel net/sched taprio code. In advance_sched(), when should_change_schedules() is true, switch_schedules() promotes the admin schedule to oper and queues the old oper for RCU freeing, but next may still point into the old oper. The subsequent end_time ...

CVE-2026-53011 net/sched: taprio: fix use-after-free in advance_sched() on schedule switch

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

EUVD-2026-38605

Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: apikey and apisecret are declared nolog=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all nolog protection. Vulnerable...

CVE-2026-54321

CVE-2026-54321 (Daytona) : Sandboxes that were switched from public to private could remain reachable without authentication for a short period due to a cached visibility state not invalidated on change. This affected Daytona versions 0.101.0 through 0.184.0 and allowed unauthenticated access to ...

PT-2026-51587

Name of the Vulnerable Software and Affected Versions Ansible affected versions not specified Description In the plugins/modules/nexmo.py module, the api key and api secret variables are marked as no log=True to prevent them from being logged. However, these credentials are URL-encoded and includ...

Malicious code in respects-switch (npm)

respects-switch is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.0.0, the canonical floating-version bait use...

GHSA-X84V-G949-293W Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...

Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not finalize the CSA in IBSS mode if the state is disconnected. When we are not connected to a channel, sending the “switch” announcement doesn’t make any sense. The BSS list is empty in that case. This causes...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pairs only capable devices The use of devcom for OFFLOADS pairing is only possible on devices that support LAG. Filters are based on the device’s lag capabilities. This fix addresses an issue where...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment, including TLB...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places, such as commit b117e1e8a86d “net: dsa: delete dsalegacyfdbadd and dsalegacyfdbdel”, DSA is written under the assumption that higher layers perform...