10 matches found

Cvelist
added last week · 20 views

CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps, ujson.dump, and ujson.encode have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5 CVSS · 0.00272 EPSS
Exploits: 0 · References: 3

AstraLinux
added 2026/05/20 5:53 a.m. · 4 views

Astra Linux - vulnerability in linux

A use-after-free occurred in the function hci_sock_bound_ioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioctl HCIUNBLOCKADDR, or when the call to hci_unregister_dev triggers a race condition, along with the calls hci_sock_blacklist_add, hci_sock_blacklist_del, hci_get_conn_info...

6.9 CVSS · 6.8 AI score · 0.0037 EPSS
Exploits: 1 · References: 1

OSV
added 2026/02/03 8:15 p.m. · 2 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS · 5.8 AI score · 0.00454 EPSS
Exploits: 1 · References: 2

CVE
added 2026/02/03 7:21 p.m. · 13 views

CVE-2026-25616

Blesta CVE-2026-25616 affects Blesta versions 3.x through 5.x before 5.13.3 due to mishandling of input validation (CORE-5665). Multiple sources (Red Hat, CVE listing, PacketStorm) indicate impacts include input handling defects that enable cross-site scripting in certain endpoints, with the cano...

6.1 CVSS · 5.3 AI score · 0.00383 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Tenable Nessus
added 2026/01/16 12:0 a.m. · 5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001571)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001571 advisory. In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value...

7.8 CVSS · 6.8 AI score · 0.00395 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2026/01/14 12:0 a.m. · 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001505)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001505 advisory. A use-after-free in function hci_sock_bound_ioctl of the Linux kernel HCI subsystem was found in the way user calls ioctl HCIUNBLOCKADDR or other way triggers race...

6.9 CVSS · 6.4 AI score · 0.0037 EPSS
Exploits: 1 · References: 4

CNNVD
added 2025/01/06 12:0 a.m. · 4 views

go-git parameter injection vulnerability

go-git is an open-source, highly extensible git implementation library written in pure Go. A parameter injection vulnerability exists in go-git versions prior to v5.13 that could allow an attacker to set arbitrary values t...

9.8 CVSS · 7.4 AI score · 0.0124 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/01/06 12:0 a.m. · 3 views

PT-2023-1099 · Zoom · Zoom Rooms For Windows

Name of the Vulnerable Software and Affected Versions: Zoom Rooms for Windows versions prior to 5.13.0
Description: The issue is related to an uncontrolled search path element in the Zoom video conferencing software. Exploitation of this issue could allow an attacker to elevate their privileges t...

8.8 CVSS · 7.5 AI score · 0.00466 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2022/11/14 12:0 a.m. · 2 views

PT-2022-34995 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.13
Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the drm/amdkfd component. The actual impact and attack plausibility have not yet been proven...

7.3 AI score
Exploits: 0 · References: 1

Microsoft CVE
added 2021/08/25 7:0 a.m. · 10 views

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioctl HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

...

6.9 CVSS · 6.9 AI score · 0.0037 EPSS
Exploits: 1