1128 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attack...
CVE-2026-10283 Bottelet DaybydayCRM Setting missing authentication
A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue...
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...
PT-2026-45019
Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relative path...
EUVD-2026-32865
In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfsmutex and SRCU when remount walks events Commit 340f0c7067a9 "eventfs: Update all the eventfsinodes from the events descriptor" had eventfssetattrs recurse through ei-children on remount. The walk only holds...
CVE-2026-9451
A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize The step variable is initialized to zero. It is changed during the loop; however, if it isn’t changed, it will remain zero. Add a variable check before the...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: tcpbpf: The logic for uncharging memory in tcpbpfsendmsg has been fixed. The current memory accounting logic in SKREDIRECT involves pre-uncharging of bytes to be sent, where the value is either msg-sg.size or a smaller value,...
Astra Linux - уязвимость в git
Git is a revision control system. Before versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, feeding specially crafted input to git apply --reject could cause a path outside the working tree to be overwritten with partially controlled contents...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disabling KASAN during applyalternatives Fei reported that KASAN is triggered during applyalternatives on systems with 5-level paging. Bug: KASAN: Out-of-bounds access in rcuiswatching Size 4 is read at address...
Astra Linux - уязвимость в binutils
The readelf.c file in GNU Binutils 2.32 contains an integer overflow vulnerability that allows attackers to trigger a write access violation in the byteputlittleendian function in elfcomm.c through an ELF file, as demonstrated by readelf...
Important: Red Hat Security Advisory: giflib update
Please update Please update...
Malicious code in clearml-truen-patch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 868fbff2db730a4a67f808b6c9bd35aa78392be592adb2d66d6be659772610f6 This package is published as clearml-truen-patch but its PKG-INFO/setup.py declare Author=ClearML, [email protected], and...
Argo CD: Kubernetes Secret Extraction via ArgoCD ServerSideDiff via sensitive annotations
Summary The original fix for GHSA-3v3m-wc6v-x4x3 is incomplete. argocd app diff --server-side-diff can still expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation. The prior fix masks top-level Secret data in ServerSideDiff responses, but it...
kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
In the Linux kernel, the following vulnerability has been resolved: tcpbpf: Fix the skmemuncharge logic in tcpbpfsendmsg The current sk memory accounting logic in SKREDIRECT is pre-uncharging tosend bytes, which is either msg-sg.size or a smaller value applybytes. Potential problems with this...
Important: Red Hat Security Advisory: openexr update
Please update Please update...
Linux Distros Unpatched Vulnerability : CVE-2026-7210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash...
SUSE CVE-2026-7210
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
PT-2026-40526
An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting in loss of confidentiality or availability...