CVE-2026-4093

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093

CVE-2026-4093 is a stored XSS in the Drupal 7 Term Reference Tree module affecting versions up to and including 7.x-1.11. Two vectors are described: Vector A (token display templates): attacker-controlled token output (e.g., term description) is rendered without proper sanitization when the Token...

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

PT-2026-42579

Name of the Vulnerable Software and Affected Versions Simple Hierarchical Select SHS for Drupal 7 versions 7.x-1.0 through 7.x-1.10 Description Cross-site scripting risk exists due to improper output escaping of term-derived text. Malicious taxonomy term names can be rendered unsafely depending o...

PT-2026-42578

Name of the Vulnerable Software and Affected Versions Drupal 7 Term Reference Tree versions 7.x-1.x through 7.x-1.11 Description Two stored Cross-Site Scripting XSS vectors exist in the widget/formatter rendering pipeline. The first vector occurs when the Token module is enabled and token display...

Drupal 跨站脚本漏洞

Drupal is an open-source content management system developed using the PHP language by the Drupal community. Versions of Drupal 7.x-1.11 and earlier, including 7.x-1.x, have a cross-site scripting vulnerability. This vulnerability stems from the rendering pipeline of the Term Reference Tree...

Botnet Detection on CTU-13 Using Lightweight Machine Learning Models

Botnets are among the most persistent cyber threats, enabling large-scale attacks such as spam, credential theft, and distributed denial-of-service DDoS. While deep learning approaches have recently been applied to botnet detection, they are computationally intensive and often lack...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: amba: bus – fix refcount leak The commit 5de1540b7bc4 from drivers/amba: create devices from device tree increases the refcount of ofnode, but does not release it in ambadevicerelease. This results in a refcount leak. By using...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid device tree lookups in rtasosterm. rtasosterm is called during panic. Its behavior depends on several conditions in the /rtas node of the device tree; traversing these nodes involves locking and changes to loc...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed a potential race condition when creating a tree that connects to IPC. Protected access to TCPServerInfo::hostname when naming the IPC tree; this is because the name might be freed by the cifsd thread, potentially...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed an issue where rebuilding the free space tree using multiple transactions failed. When rebuilding the free space tree, and while modifying the free space tree, we may need to allocate a new metadata block group. If w...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Marking the splash memory region as reserved. A reserved memory region was added for the framebuffer memory the splash memory region set up by the bootloader. This fix resolves a kernel panic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘arm64: zynqmp: Add an OP-TEE node to the device tree’” This issue has been resolved through the commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically inserts a reserved-memory node along...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscpi: Fixed string overflow in the SCPI genpd driver. Without the bounds checks for scpipd-name, a buffer overflow could occur when copying the SCPI device name from the corresponding device tree node. This occurs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the re-dirty process of tree-log nodes There is a report of a transaction abort with the following script: !/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/$d done mount /dev/sda /mnt/test moun...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed the bug in estreesearch Hulk Robot reported a BUG: kernel BUG at fs/ext4/extentsstatus.c:199! ... RIP: 0010:ext4esend fs/ext4/extentsstatus.c:199 inline RIP: 0010:estreesearch+0x1e0/0x260 fs/ext4/extentsstatus.c:21...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: - regulator: pfuze100 – Fixed the refcount leak in pfuzeparseregulatorsdt. - ofnodeget now returns a node with the refcount incremented. - calling ofnodeput to drop the reference when it’s no longer needed...