CVE-2026-45692

CVE-2026-45692 (Caddy) describes a remote admin authorization bypass where the /config traversal layer and the authorization layer disagree on the target object. Specifically, from 2.4.0 through 2.11.3, an authorized path such as /config/apps/http/servers/srv/routes/0 could be used to access or m...

Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue of protecting the fetch of -fdfd in dodup2 from mispredictions has been addressed. Both callers have ensured that fd is not greater than -maxfds; however, a misprediction might lead to the speculative execution of tofre...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added an array index check for hdcp ddc access. Reason Coverity reports an OVERRUN warning. Do not check if the array index is valid. How Check that the msgid is valid and that the array index is valid...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevents potential Spectre v1 exploits. It seems that cmd could be a Spectre v1 exploit, as it is provided by a user and used as an array index. This vulnerability prevents the contents of kernel memory from being leake...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fred: Correct speculative safety in fredextint The arrayindexnospec function is useless if the result is spilled to the stack, as it makes the supposedly safe-under-speculation value subject to memory predictions. For all...

Astra Linux – Vulnerability in dcmtk

There is an improper array index validation vulnerability in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sysrtas. Smatch warns: arch/powerpc/kernel/rtas.c:1932 dosysrtas warning: potential Spectre issue with ‘args args’ r local limit The ‘nargs’ and ‘nret’ locals originate from...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In the net: rose module, the function rosekillbydevice collects sockets into a local array, and then iterates over those arrays to disconnect sockets bound to devices that are being shut down. The loop mistakenly indexes arraycnt...

Astra Linux – Vulnerability in dcmtk

There is an improper array index validation vulnerability in the nowindow functionality of OFFIS DCMT 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

keycloak: Keycloak: Denial of Service via malformed Authorization header

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

CVE-2026-25276 Improper Validation of Array Index in Secure Processor

Memory corruption while using Strongbox due to missing bounds check...

CVE-2026-25276 Improper Validation of Array Index in Secure Processor

Memory corruption while using Strongbox due to missing bounds check...

Improper Validation of Array Index

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Validation of Array Index through the defaultSandboxPrepareStackTrace function in lib/setup-sandbox.js. An attacker can observe or rewrite...

CVE-2026-9803

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

CVE-2026-9803

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

UBUNTU-CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

CVE-2026-46037

The CVE-2026-46037 issue affects the Linux kernel IPv4 ICMP component. Extended echo replies could use ICMP_EXT_ECHOREPLY outside the icmp_pointers[] range; the fix avoids icmp_pointers[] lookups for out-of-range types and uses array_index_nospec() for in-range lookups. Multiple OS feeds report p...

CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...