Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

EUVD-2026-38908

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate bgbits during freefrag scan BUG A crafted filesystem can trigger an out-of-bounds bitmap walk when OCFS2IOCINFO is issued with OCFS2INFOFLNONCOHERENT. BUG: KASAN: use-after-free in instrumentatomicread...

Malicious code in hardhat-test-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 741350b4472a82c53151793b413166a5fad36af3d2d14fa1d12afba9eccb9fed Package impersonates the well-known eth-gas-reporter / hardhat-gas-reporter packages: README is titled 'eth-test-log', copies badges and contributor...

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL related to the pgcancelbackend role, which signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a background worker that is less...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to version 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. Chromium security severity: Low...

Astra Linux – Vulnerability in Firefox

If an attacker loads a font using FontFace on a background worker, a use-after-free might occur, resulting in a potentially exploitable crash. This vulnerability affects Firefox versions earlier than 107...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid failures during online resizing due to an overly large flexbgsize. When we perform online resizing on an ext4 filesystem with an excessively large flexbgsize, the following warning is triggered:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: Fixed a race condition related to port output. Assume the following setup on a single machine: 1. An openvswitch instance with one bridge and default flows. 2. Two network namespaces: “server” and “client”. 3...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed ext4mbmarkbb with flexbg and fastcommit. In the case of the flexbg feature which is enabled by default, extents for any given inode may span across blocks from two different block groups. ext4mbmarkbb only reads the...

Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores

Over 50 Android apps on official stores spread MagicAd trojan, using system tricks to force background ads even after infected apps are closed...

CVE-2026-53606

A CVE-2026-53606 entry concerns ApostropheCMS (Node.js) and its dependency sanitize-html. The issue arises in sanitize-html versions prior to 2.17.5, where allowedSchemesAppliedToAttributes (default: ['href','src','cite']) do not cover all URI-bearing attributes (e.g., action, formaction, data, p...

CVE-2026-53606 sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

MAL-2026-5595 Malicious code in 0x2ai-demo8 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc8b825a6ca24f0ed99210734ea8d4f4fb7bf1bbdb3767b67417bf5cdb83257 On npm install, scripts/postinstall.cjs writes a .mcp.json into the installer's working directory that registers a stdio MCP server...