35 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cfg80211: Calling cfg80211_stop_ap when switching from P2P_GO type. If the user-space tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via sendmsg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup function cfg80211_stop_ap...
CVE-2025-32436 AutoGPT has a DoS vulnerability in AddAudioToVideoBlock
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all nodes are done. StepThroughItemsBlock c...
UBUNTU-CVE-2026-48006
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...
CVE-2026-44505
The CVE affects Nimiq’s network-libp2p component (Rust) used in the Albatross-based PoS implementation. Before v1.4.0, when a peer returns a FoundRecord, the code verified the record via dht_verifier.verify and, on verifier error, logged and returned early without completing the oneshot used by N...
PT-2026-48330
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle dht get network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the reco...
Linux Distros Unpatched Vulnerability : CVE-2026-31426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACPI: EC: clean up handlers on probe failure in acpi_ec_setup. When ec_install_handlers returns -EPROBE_DEFER on reduced-hardware platforms, it has already started th...
WordPress plugin ElementsKit Elementor Addons and Templates Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ElementsKit Elementor Addon...
CVE-2026-21438 webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...
CVE-2022-50727
In the Linux kernel, the following vulnerability has been resolved: scsi: efct: Fix possible memleak in efct_device_init. In efct_device_init, when efct_scsi_reg_fc_transport fails, efct_scsi_tgt_driver_exit is not called to release memory for efct_scsi_tgt_driver_init and causes memleak: unreferenced object...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986418)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986418 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qib_user_sdma_queue_pkts. The wrong goto label was used for the error case...
Linux Distros Unpatched Vulnerability : CVE-2021-29649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process memory leak, related to a lack of cleanup steps in...
PT-2025-27960
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the atmtcp_c_send function in the Linux kernel, where it accesses skb->data as struct atmtcp_hdr after checking if skb->len is 0, but this check is not sufficient...
FreeScout Cross-Site Scripting Vulnerability
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that stems from a lack of input validation and cleanup in the Session::flash function, no details of the...
CVE-2025-21661
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an incorrect lookup table, the table is not removed. This prevents subsequent probe attempts from...
CVE-2024-43314
CVE-2024-43314 affects WordPress Asset CleanUp: Page Speed Booster (versions up to 1.3.9.3). Root cause: Missing/Incorrectly configured access control (Missing Authorization) enabling unauthorized access to assets. Impact: High (as per NVD CVSS 3.1 base score 8.8, high confidentiality, integrity,...
Rancher Security Vulnerability
Rancher is an open source container management platform from the US-based Rancher Open Source, built for organizations deploying containers in production environments. A security vulnerability exists in Rancher versions prior to 2.7.14 and prior to 2.8.5, which stems from a failure to automatical...
git-shallow-clone Security Vulnerability
git-shallow-clone is a library for dipesh individual developers. A security vulnerability exists in git-shallow-clone, which stems from a lack of cleanup or mitigation flags and is vulnerable to command injection attacks...
kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nf_tables_api.c in nft_chain_lookup_byid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup...
DEBIAN-CVE-2023-22995
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls...
UBUNTU-CVE-2023-22995
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls...