CVE-2026-52954

A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted CEPHMSGOSDMAP message containing a corrupted CRUSH map. If this map includes two crushchooseargmaps with identical indices, it triggers an assertion failure, leading to a kernel bug and a...

EUVD-2026-38732

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy reference in pskbcarve helpers pskbcarveinsideheader and pskbcarveinsidenonlinear both copy the old skbsharedinfo header into a new buffer via memcpy, which includes the destructorarg pointer uar...

CVE-2026-52943

In the Linux kernel CVE-2026-52943, the vulnerability stems from how sk_buff zero-copy (MSG_ZEROCOPY) references are handled by pskb_carve_inside_header() and pskb_carve_inside_nonlinear(). Both functions copy the old skb_shared_info header into a new buffer but do not call net_zcopy_get() for th...

Astra Linux – Vulnerability in binutils

A issue was discovered in the function stabdemanglev3arg in stabs.c in Binutils 2.34 through 2.38. This issue allows attackers to cause a denial of service due to memory leaks...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan discovered that etsclassfromarg can index an Out-Of-Bound class when the clid of 0 is passed. This may lead to local privilege escalation. 18.852298 ------------ Cut here ---...

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.6.5 and earlier contain a use-after-free in the Itemargs::walkarg component, which can be exploited through specially crafted SQL statements...

SUSE CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

PT-2026-49770

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An argument pattern validation bypass exists in the exec allowlist on Linux and macOS systems. When tools.exec.security is set to allowlist, the system skips argPattern checks and treats a...

ALPINE-CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

CVE-2025-69624

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null for example, app.alertapp.activeDocs, true when app.activeDocs is null...

CVE-2026-10174

Summary of CVE-2026-10174 (Aider-AI Aider 0.86.3): Affected is an unknown function in the file aider/args.py of the Pre-commit Hook Handler. Manipulation of the argument git-commit-verify leads to protection mechanism failure. The vulnerability may be exploitable remotely, with exploitation infor...

Linux Distros Unpatched Vulnerability : CVE-2026-45886

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix bpfxdpstorebytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is...

Fedora 44 : perl-Crypt-DSA (2026-cdcb20089b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cdcb20089b advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

Fedora 42 : perl-Crypt-DSA (2026-ffe3625a50)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffe3625a50 advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...

Astra Linux - уязвимость в libbpf

A vulnerability has been discovered in the Linux kernel. It has been identified as problematic. This issue affects the parseusdtarg function in the tools/lib/bpf/usdt.c file of the BPF component. Manipulating the regname argument leads to a memory leak. It is recommended that a patch be applied t...

CVE-2026-8704 Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

CVE-2026-7855 D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow

A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tgglasp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is no...

CVE-2026-6998

A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

UBUNTU-CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...