RaspAP <=2.6.5 - Remote Command Injection

RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";". id: CVE-2021-33357 info: name: RaspAP =2.6.5 - Remote Command Injection...

Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...

TimeKeeper by FSMLabs - Remote Code Execution

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

AirFlow < 2.4.0 - Remote Code Execution

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. id: CVE-2022-40127 info: name: AirFlow 2.4.0 -...

UBUNTU-CVE-2026-52928

In the Linux kernel, the following vulnerability has been resolved: afunix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the urgent mark for MSGOOB. In AFUNIX, MSGOOB is supported only for SOCKSTREAM sockets. SOCKDGRAM and SOCKSEQPACKET reject MSGOOB ...

UBUNTU-CVE-2026-52939

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...

CVE-2026-52928

The CVE-2026-52928 entry concerns the Linux kernel’s AF_UNIX handling of SIOCATMARK, where MSG_OOB is valid only on SOCK_STREAM. The root cause is that SIOCATMARK was evaluated against the receive queue on non-stream sockets; the fix ensures non-stream sockets return -EOPNOTSUPP before inspecting...

EUVD-2026-38698

In the Linux kernel, the following vulnerability has been resolved: afunix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the urgent mark for MSGOOB. In AFUNIX, MSGOOB is supported only for SOCKSTREAM sockets. SOCKDGRAM and SOCKSEQPACKET reject MSGOOB ...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under the skreceivequeue lock. Billy Jheng Bing-Jhong reported a race condition between unixgc and queueoob. unixgc attempts to garbage-collect closed inflight sockets. If the socket contains MSGOOB...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: afunix: fixed the issue of struct pid leaks in OOB support. The issue arises from queueoob calling maybeaddcreds, which potentially holds a reference to a pid. However, the destructor of skb is not set either directly or by...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mt76: mt7915: fixed a possible NULL pointer dereferencing in mt7915macfillrxvector. Fixed a possible NULL pointer dereferencing in mt7915macfillrxvector if the chip does not support dbdc and the hardware reports bandidx set to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtw89: Avoid NULL dereferencing when a problematic packet is received on an unsupported 6 GHz band. There is a very rare chance that the RX report might be problematic, causing the software to assume that a packet was...

Astra Linux – Vulnerability in Intel Microcode

Insufficient granularity of access control in out-of-band management in some IntelR Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privileges through adjacent network access...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: afunix: Do not leave consecutive consumed OOB skb’s in the recv queue. Jann Horn reported a use-after-free in the unixstreamreadgeneric function. The following sequences reproduce the issue: $ python3 from socket import s1, s2...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: afunix: Calling kfreeskb for dead unixsk-oobskb in GC. syzbot reported a warning in unixgc, which creates a socketpair and sends the fd of one socket to itself using the peer. socketpairAFUNIX, SOCKSTREAM, 0, 3, 4 = 0 sendmsg4,...

Astra Linux – Vulnerability in faad2

There is a stack-based buffer overflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impacts, as the SM array is mishandled...

Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrust...

MAL-2026-5736 Malicious code in node-stack-frames (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fd4f6c5f3278484d99f6ffffc001cf920dcb0fa4fdfabff957a61c3cfbfc158 package.json declares a preinstall script that runs an inline Node program on npm install. The script requires os and http, collects os.hostname,...

Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

MAL-2026-5617 Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...