
13345 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fixed a fout leak in hbm's run_bpf_prog. Fixed the issue where fout was opened using fopen, but subsequently fclose wasn’t called. In the affected branch, fout otherwise would go out of scope...

CVSS 5.5 | AI score 5.5 | EPSS 0.00135
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Properly marking live registers for indirect jumps. For the gotox rX instruction, the rX register should be marked as used in the compute_insn_live_regs function. This issue has been fixed...

CVSS 7.8 | AI score 5.2 | EPSS 0.00121
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in tiff

A null source pointer passed as an argument to the memcpy function within TIFFReadDirectory in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...

CVSS 5.5 | AI score 6.7 | EPSS 0.0125
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux - vulnerability in mbedtls

Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information (an RSA private key) by monitoring cache usage during an import process...

CVSS 5.9 | AI score 6.7 | EPSS 0.0163
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux, linux-5.15

A hash collision flaw was discovered in the IPv6 connection lookup table within the Linux kernel’s IPv6 functionality. This flaw occurs when a user carries out a new type of SYN flood attack. A user located within the local network or with a high-bandwidth connection can cause the CPU usage of th...

CVSS 5.7 | AI score 6.6 | EPSS 0.00553
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/20 5:45 a.m. | 8 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass...

CVSS 8.1 | AI score 5.8 | EPSS 0.0055
Exploits: 0 | References: 4

CVE
added 2026/05/20 1:25 a.m. | 17 views

CVE-2026-8627

The CVE-2026-8627 entry affects the WordPress plugin Correct Prices (

CVSS 6.1 | AI score 6 | EPSS 0.00221
Exploits: 0 | References: 2

GithubExploit
added 2026/05/20 1:12 a.m. | 143 views

Exploit for Command Injection in Litellm

CVE-2026-42271 — LiteLLM Authenticated Command Injection via M...

CVSS 8.8 | AI score 6 | EPSS 0.74993
Exploits: 1

OSV
added 2026/05/20 12:39 a.m. | 22 views

MAL-2026-4406 Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

AI score 5.9
Exploits: 0 | References: 10

Positive Technologies
added 2026/05/20 12:00 a.m. | 12 views

PT-2026-42203

Name of the Vulnerable Software and Affected Versions: OCaml-TLS versions prior to 2.1.0. Description: The server implementation fails to properly validate the KeyUsage and ExtendedKeyUsage extensions of certificates provided by clients during mutual TLS (mTLS) authentication. This allows an attacker ...

CVSS 7.4 | AI score 5.3 | EPSS 0.00191
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/20 12:00 a.m. | 12 views

PT-2026-42057

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

CVSS 6.4 | AI score 6 | EPSS 0.00308
Exploits: 0 | References: 11

Positive Technologies
added 2026/05/20 12:00 a.m. | 15 views

PT-2026-42202

Name of the Vulnerable Software and Affected Versions: OCaml-TLS versions prior to 2.1.0. Description: The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage (EKU) extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer...

CVSS 7.4 | AI score 5.2 | EPSS 0.00225
Exploits: 1 | References: 2

Redos
added 2026/05/20 12:00 a.m. | 11 views

ROS-20260520-73-0038

A vulnerability in the WebGPU component of the Google Chrome browser is related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

CVSS 8.8 | AI score 6.2 | EPSS 0.00397
Exploits: 0

Redos
added 2026/05/20 12:00 a.m. | 12 views

ROS-20260520-73-0036

A vulnerability in the Dawn component of the Google Chrome browser is related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker acting remotely to bypass the sandbox protection mechanism using a specially crafted HTML page...

CVSS 8.8 | AI score 5.8 | EPSS 0.00359
Exploits: 0

Redos
added 2026/05/20 12:00 a.m. | 8 views

ROS-20260520-73-0039

A vulnerability in the FedCM component of the Google Chrome browser is related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

CVSS 8.8 | AI score 6.2 | EPSS 0.0042
Exploits: 0

Redos
added 2026/05/20 12:00 a.m. | 7 views

ROS-20260520-73-0056

A vulnerability in Chromium related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 9.6 | AI score 6.2 | EPSS 0.00248
Exploits: 0

Tenable Nessus
added 2026/05/20 12:00 a.m. | 6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021625 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find. The per-netns IP tunnel hash tab...

CVSS 5.5 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/20 12:00 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-42006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this,...

CVSS 7.5 | AI score 5.5 | EPSS 0.0039
Exploits: 1 | References: 2

UbuntuCve
added 2026/05/20 12:00 a.m. | 11 views

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVSS 3.7 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/20 12:00 a.m. | 6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021581 advisory. In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names. Test names were being concatenated based on an offset...

CVSS 5.5 | AI score 6.5 | EPSS 0.00176
Exploits: 0 | References: 4