Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure

Fides versions 2.19.0 to before 2.39.2rc0 contain an information disclosure caused by unauthenticated HTTP GET request to the Privacy Center, letting attackers access the SERVERSIDEFIDESAPIURL, which may reveal server configuration details, exploit requires no authentication. id: CVE-2024-31223...

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution

Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit...

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by...

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-Buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called headpage in the function rbmetavalidateevents. This pointer is not initialized at the beginning of the function. This pointer...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834writefrequency, clkgetrate may return 0. In such cases, the call to ad9834calcfreqreg will result in a division by zero. Checking if fout clkfreq / 2 do...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT – Avoid u32 multiplication overflow. In the function lpitupdateresidency, there is a possibility of overflow during multiplication, if tsckhz is large enough UINTMAX/1000. The multiplication operation should be replace...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Net: qlogic/qede: fixed a potential out-of-bounds read in qedetpacont and qedetpaend. The loops in ‘qedetpacont’ and ‘qedetpaend’ iterate over ‘cqe-lenlist’, using only a zero-length terminator as the stopping condition. If the...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the acdirmax mount option. The user-provided mount parameter acdirmax, of type u32, is intended to have an upper limit. However, before this limit is validated, the value is...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The issue in fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e “drivers/of: Fix depth when unflattening devicetree” forgot to fix the depth check in the loop body of unflattendtnodes. This could lead to an overflo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a check on the callback function pointer before its call. In dpucoreirqcallbackhandler, the pointer pointing to the callback function is checked to be NULL. However, the callback function is then called...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cifs: avoided NULL pointer dereferencing in debug calls. The cifsserverdbg function assumes that the server variable is non-NULL; therefore, the calling sequence was modified to avoid NULL pointer dereferences. This issue was...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: traceeventshist: A check was added to ensure that the return value of createhistfield is checked. The function createhistfield is called recursively at line 1954 of traceeventshist.c, and it may return a NULL value. Therefore, we...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in applyconstrainttosize The step variable is initialized to zero. It is changed during the loop, but if it isn’t changed, it will remain zero. Add a variable check before the division...

CVE-2026-50196

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

CVE-2026-50196 Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

CVE-2026-50196

CVE-2026-50196 – Steeltoe.Discovery.Eureka : In Steeltoe.Discovery.Eureka before versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws an ArgumentException for any DataCenterInfo.name other than MyOwn, Amazon, or Netflix, causing the registry deserialization to fail and the cache refresh to sw...