CVE-2026-10280 horizon921 mcpilot MCP API Call Endpoint route.ts server-side request forgery

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack c...

CVE-2026-9372

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert to the previous state of “ACPICA: Avoid Info: mapping multiple BARs. Your kernel is fine.” Undo the modifications made in the commit d410ee5109a1 “ACPICA: Avoid “Info: mapping multiple BARs. Your kernel is fine.””...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fixed the calculation of the base address in the function kvmeiointc regsaccess. In the function kvmeiointc regsaccess, the base address of the register is calculated by adding an offset to the array base address...

Server-side Request Forgery (SSRF)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in SearXNG search proxy via unvalidated baseUrl. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive th...

GHSA-44M2-CRH7-F4Q2 Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL

Summary Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET /api/datasources/:datasourceId. Every authenticated...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of KCOV detection after the x86 kexec operation, resulting in an invalid GS base...

Astra Linux - уязвимость в firefox

Service workers could reveal script base URL due to dynamic import. This vulnerability affects Firefox 113...

PT-2026-36384

In the Linux kernel, the following vulnerability has been resolved: comedi: ni atmio16d: Fix invalid clean-up after failed attach If the driver's COMEDI "attach" handler function atmio16d attach returns an error, the COMEDI core will call the driver's "detach" handler function atmio16d detach to...

Linux Distros Unpatched Vulnerability : CVE-2026-31564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function...

SUSE CVE-2026-31564

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

CVE-2026-31564

A flaw was found in the Linux kernel, specifically within the Kernel-based Virtual Machine KVM component for LoongArch architecture. An incorrect base address calculation in the kvmeiointcregsaccess function, where a u64 type was not properly converted to a void before adding an offset, could lea...

DEBIAN-CVE-2026-31564

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

CVE-2026-31564

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

CVE-2026-31564

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

EUVD-2026-25457

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

CVE-2026-31564

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

CVE-2026-31564 LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access()

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

CVE-2026-31564

CVE-2026-31564 (LoongArch KVM) : The Linux kernel fix addresses a faulty address calculation in the LoongArch KVM implementation, specifically in kvm_eiointc_regs_access(). The code previously derived the register base address by adding an offset to an array base address treated as a u64, which c...

PT-2026-34916

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvm eiointc regs access In function kvm eiointc regs access, the register base address is caculated from array base address plus offset, the offset is absolute value from the base...