CVE-2026-41838 Spring Framework Predictable Session ID in WebSocket Module
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...
Astra Linux – Vulnerability found in linux, linux-5.10, linux-5.15, linux-6.1
A heap out-of-bounds write vulnerability in the Linux Kernel Performance Events perf component of the Linux kernel can be exploited to achieve local privilege escalation. If the perfreadgroup function is called when the siblinglist of an event is smaller than that of its child, it may increment o...
Astra Linux – Vulnerability found in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some issues may still go unnoticed. Depending on the hardware model, URBs can have either bulk or interrupt types, and the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use safe list iterator to avoid a use after free This loop is freeing the variable “clk”, so it needs to use listforeachentrysafe. Otherwise, it will dereference a freed variable to get the next item in the loop...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check the device memory pointer before using it. Add a NULL check before accessing device memory to prevent a crash if the dev-dm allocation in mlx5initonce fails...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baudbase can result in uartclk being zero, which will cause a divide by zero error in uartgetdivisor. The check for uartclk...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: jfs: Do not walk off the end of ealist. Add a check before visiting the members of ea to ensure that each ea remains within the ealist...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/client: Fixed a memory leak in drmclientmodesetprobe. When a new mode is set to modeset-mode, the previous mode should be freed. This fixes the following kmemleak reports: drmmodeduplicate+0x45/0x220 drm...
CVE-2025-36368
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...
GHSA-6HCQ-HMM3-JJ3C Spring MVC and WebFlux has Server Sent Event stream corruption
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...
CVE-2025-14510
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: hfsplus: removed the mutexlock check in hfsplusfreeextents Syzbot reported an issue with the hfsplus filesystem: ------------ cut here --- WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplusfreeextents+0x700/0xad0 Ca...
EUVD-2023-36358
Malicious code in bioql PyPI...
EUVD-2023-0228
Malicious code in bioql PyPI...
CVE-2025-55747
CVE-2025-55747 – XWiki Platform Information Disclosure. Affected: XWiki Platform versions 6.1-milestone-2 through 16.10.6. Root cause: configuration files are exposed via the webjars API, enabling remote access to sensitive configuration data. Evidence across connected sources confirms this is a...
PT-2025-35831
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.1-milestone-2 through 16.10.6 Description: The XWiki Platform is a generic wiki platform. Affected versions allow access to configuration files through the webjars API. This issue is resolved in version 16.10.7...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobewriteopcode We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0...
com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=6.1.0 <=6.1.3), com.airbus-cyber-security.graylog:graylog-plugin-correlation-count (=6.1.0) +3 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=6.1.0 <=6.1.1)
org.graylog2:graylog2-server MAVEN version =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.0, =6.1.1 Source cves: CVE-2025-46827 Source advisory: SNYK:JAVA-ORGGRAYLOG2-10116752...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +799 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=6.1.0 <=6.1.13)
org.springframework:spring-webflux MAVEN version =6.1.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.3.1, =1.0.0, =1.0.9 and more Source cves: CVE-2024-38819 Source advisory: OSV:GHSA-G5VR-RGQM-VF78...
CVE-2023-32090
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials...