Lucene search

198 matches found

EUVD
added 2026/05/20 6:31 p.m., 3 views

EUVD-2026-31130

Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

CVSS 8.8, AI score 5.8, EPSS 0.00003
Exploits 0, References 3
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: j1939: preventing deadlock by moving j1939_sk_errqueue(). This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfers and subscribing to the error queue while...

AI score 5.7, EPSS 0.00021
Exploits 0, References 1
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: The j1939_session_activate() function may fail if the device is no longer registered. The syzbot still reports: unregister_netdevice: Waiting for vcan0 to become available. Usage count: 2. Even after committing the change...

CVSS 5.5, AI score 5.7, EPSS 0.00009
Exploits 0, References 2
CVE
added 2026/05/20 12:0 a.m., 5 views

CVE-2026-44925

CVE-2026-44925 describes a Cross-Site Request Forgery (CSRF) in InfoScale v.9.1.3 Operations Manager (VIOM). The vulnerability arises from an ability for an attacker to coerce an active VIOM session user into clicking a crafted HTML link, resulting in unintended modifications within the VIOM web ...

CVSS 8.8, AI score 5.8, EPSS 0.00003
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/05/13 6:46 p.m., 23 views

CVE-2026-33585 Arqit SKA-Platform Improper Handling of Parameters Vulnerability

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

CVSS 3.8, EPSS 0.00006
Exploits 0, References 1
The Hacker News
added 2026/05/07 11:33 a.m., 11 views

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...

CVSS 10, AI score 6.5, EPSS 0.00133
Exploits 1
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock. The following 3 locks would race against each other, causing the deadlock situation in the Syzbot bug report: - j1939_socks_lock - active_session_list_lock -...

CVSS 5.5, AI score 6.5, EPSS 0.00018
Exploits 0, References 2
Snyk
added 2026/04/14 11:39 p.m., 3 views

Insufficient Session Expiration

Overview: pyload-ng is a free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper session management when user permissions are changed. An attacker can retain unauthorized access to resource...

CVSS 6.3, AI score 5.8
Exploits 0, References 2
CVE
added 2026/04/07 7:56 p.m., 3 views

CVE-2025-14857

CVE-2025-14857 affects Semtech LoRa LR11xxx transceivers on early firmware versions. The flaw is an improper access control: memory write via the physical SPI interface does not enforce write protection on the program call stack, enabling overwriting of stack memory and limited arbitrary code exe...

CVSS 5.4, AI score 6.2, EPSS 0.00028
Exploits 1, References 1
Snyk
added 2026/04/06 10:54 p.m., 1 views

Allocation of Resources Without Limits or Throttling

Overview: pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ModalFormResponsePacket handling process. An attack...

CVSS 7.1, AI score 5.9
Exploits 0, References 2
CVE
added 2026/02/19 10:36 p.m., 3 views

CVE-2025-13671

OpenText Web Site Management Server contains a CSRF vulnerability (CVE-2025-13671) affecting versions 16.7.0 and 16.7.1. An active user with a session could be induced to perform unintended changes via a page containing malicious HTML, effectively exploiting CSRF. CVSS v4.0 vectors: Network attac...

CVSS 6.5, AI score 5.5, EPSS 0.00007
Exploits 1, References 2, Affected Software 1
GithubExploit
added 2026/02/09 7:17 p.m., 180 views

Exploit for Incorrect Authorization in Suse Pam-Config

CVE-2025-6018 & CVE-2025-6019 PoC A Proof of Concept for chai...

CVSS 7.8, AI score 5.8, EPSS 0.0009
Exploits 19
RedHat Linux
added 2026/01/14 9:53 a.m., 1 views

kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock

A vulnerability was found in the Linux kernel's Controller Area Network (CAN) protocol, within the J1939 protocol implementation. This issue occurs due to a potential deadlock caused by a race condition involving three locks: j1939_socks_lock, active_session_list_lock, and sk_session_queue_lock. This issue...

CVSS 5.5, AI score 7.2, EPSS 0.00018
Exploits 0, References 5
RedhatCVE
added 2026/01/09 9:54 a.m., 9 views

CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...

CVSS 8.1, AI score 7, EPSS 0.00271
Exploits 0, References 1
SUSE CVE
added 2025/12/25 12:54 a.m., 2 views

SUSE CVE-2023-54152

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939_sk_errqueue(). This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a...

CVSS 4.7, AI score 6.5, EPSS 0.00021
Exploits 0, References 3
NVD
added 2025/12/24 1:16 p.m., 2 views

CVE-2023-54152

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939_sk_errqueue(). This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a...

EPSS 0.00021
Exploits 0, References 4
UbuntuCve
added 2025/12/24 1:16 p.m., 1 views

CVE-2023-54152

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939_sk_errqueue(). This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a...

AI score 5.7, EPSS 0.00021
Exploits 0, References 5
OSV
added 2025/12/24 1:7 p.m., 2 views

CVE-2023-54152 can: j1939: prevent deadlock by moving j1939_sk_errqueue()

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939_sk_errqueue(). This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a...

AI score 6.4, EPSS 0.00021
Exploits 0, References 7
CVE
added 2025/12/24 1:7 p.m., 5 views

CVE-2023-54152

Summary: CVE-2023-54152 affects the Linux kernel’s j1939 subsystem, where a deadlock could occur when performing data TP/ETP transfers and subscribing to the error queue during a net down event. Root cause: a call to j1939_sk_errqueue() was made inside the active_session_list_lock, which could in...

AI score 6.1, EPSS 0.00021
Exploits 0, References 4
EUVD
added 2025/12/17 3:34 p.m., 1 views

EUVD-2025-203894

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console...

CVSS 2.3, AI score 6.3, EPSS 0.00027
Exploits 0, References 2