Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: ttpci: two memory leaks have been fixed in budgetavattach. When saa7146registerdevice and saa7146vvinit fail, budgetavattach should free the resources it allocates, similar to the error handling in ttpcibudgetinit...

CVE-2026-42604

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

CVE-2026-49229

creationtimestamp| type| source ---|---|--- 2026-06-12 20:15:56+00:00| published-proof-of-concept| https://github.com/actualbudget/actual/security/advisories/GHSA-cq9c-6w48-qmfg...

CVE-2026-42604 Actual has an OpenID `client_secret` Disclosure via Broken Authorization Guard in `/openid/config`

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

EUVD-2026-36543

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

PT-2026-48963

Name of the Vulnerable Software and Affected Versions Actual Budget sync-server versions prior to 26.5.0 Description The POST /openid/config endpoint exposes the complete OpenID Connect configuration, which includes the OAuth2 client secret. This information is accessible to any user who possesse...

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that...

CVE-2026-6586

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function getbudget/updatebudget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. T...

CVE-2026-34062

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...

FDM: A Framework for Decision-Making to Build ML-Based Malware Detection Systems

Selecting appropriate machine learning ML configurations for malware detection is a complex, multi-criteria problem. Model choice, feature engineering, and update mechanisms must jointly satisfy operational constraints that vary across deployment contexts. This paper proposes the Framework for...

CALIBURN: A Regime-Sensitivity Study of Operationally Calibrated Streaming Intrusion Detection

Streaming network intrusion detection systems must process flows continuously while keeping memory bounded, but most current methods leave alerting threshold selection as a post-hoc tuning problem poorly suited to production. Operators need alerting behaviour specifiable before deployment using...

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ionic: Use devconsumeskbany outside of NAPI. If we are not in a NAPI softirq context, we need to be careful about how we call napiconsumeskb. Specifically, we need to call it with budget == 0 to signal that we are not in a safe...

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

kernel: crypto: af_alg - limit RX SG extraction by receive buffer budget

A flaw was found in the Linux kernel's afalg Algorithm Interface component. This vulnerability allows a local attacker to cause a denial of service DoS by sending specially crafted requests. The afalggetrsgl function fails to properly limit the extraction of receive scatterlist RX SG data based o...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD CVE-2026-23060 kernel: crypto: algifaead - Revert to operating out-of-place CVE-2026-31431 kernel: crypto: afalg - limit...

ALSA-2026:19074 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD CVE-2026-23060 kernel: crypto: algifaead - Revert to operating out-of-place CVE-2026-31431 kernel: crypto: afalg - limit...

ALSA-2026:19225 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in authencesn due to too-short AAD CVE-2026-23060 kernel: crypto: algifaead - Revert to operating out-of-place CVE-2026-31431 kernel: crypto: afalg - limit...

CISO Guide: Building a Business Case for CTEM

Every CISO knows the frustration: you understand the exposure risk facing your organization, you know that a Continuous Threat Exposure Management program would fundamentally change your security posture, and yet, when budget season arrives, CTEM is one of the first line items questioned. Ready t...