35 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags. In nvme_alloc_admin_tags, admin_q can be set to an error (typically -ENOMEM) if the blk_mq_init_queue call fails to set up the queue. This check is performed immediately...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986703)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986703 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags. In nvme_alloc_admin_tags, the admin_q...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986297 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags. In nvme_alloc_admin_tags, the admin_q...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986289)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986289 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags. In nvme_alloc_admin_tags, the admin_q...
EUVD-2025-24019
Malicious code in bioql PyPI...
EUVD-2025-28813
Malicious code in bioql PyPI...
CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...
CVE-2025-54591
Summary (CVE-2025-54591, FreshRSS) FreshRSS versions 1.26.3 and earlier expose information about feeds and tags belonging to default admin users due to insufficient access checks in the FreshRSS_Auth::hasAccess() function used by some tag/feed endpoints. Some controllers either lack a defined fir...
CVE-2025-9101
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-9101
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-9101
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-9101 zhenfeng13 My-Blog Tag save cross site scripting
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
PT-2025-33630 · Zhenfeng13 · Myblog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog versions prior to 1.0.1 Description: A weakness has been identified in the processing of the /admin/tags/save file within the Tag Handler component, leading to cross site scripting. The attack can be initiated remotely. The...
CVE-2025-8739
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8739
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8739
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8739 zhenfeng13 My-Blog save cross-site request forgery
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8739 zhenfeng13 My-Blog save cross-site request forgery
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8739
The CVE-2025-8739 issue affects zhenfeng13 My-Blog up to version 1.0.0. The vulnerability resides in the /admin/tags/save processing where manipulating the tagName parameter enables cross-site request forgery (CSRF). Impact is described as CSRF without details on confidentiality or integrity beyo...
PT-2025-32411 · Myblog · Myblog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog versions up to 1.0.0 Description: A cross-site request forgery issue exists due to the manipulation of the tagName argument in the processing of the /admin/tags/save API endpoint. The attack can be initiated remotely. The...