Astra Linux - vulnerability in mercurial
A vulnerability was discovered in Mercurial SCM 4.5.3/71.19.145.211. This vulnerability is considered problematic. It affects unknown code within the Web Interface component. Manipulating the cmd argument leads to cross-site scripting attacks. The attack can be initiated remotely. The exploit has...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup Disable the delayed work before clearing BAR mappings and doorbells to avoid running the handler after resources have been torn down. Unable to handle kernel...
Astra Linux - vulnerability in linux, linux-5.10
A memory leak flaw was discovered in the Linux kernel’s ccp_run_aes_gcm_cmd function, which allows an attacker to cause a denial of service. This vulnerability is similar to the older CVE-2019-18808. The greatest threat posed by this vulnerability is to system availability...
CVE-2026-36828
A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...
CVE-2026-36438
An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd...
CVE-2025-52532
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...
cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names
A flaw was found in the Go programming language (golang) and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain "cgo" and specific payloads. This could lead to code...
golang: cmd/compile: no-op interface conversion bypasses overlap checking
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...
EUVD-2026-27572
In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably this fixes a WARN I was seeing when I tried to send "stop...
Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore
nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...
Linux Distros Unpatched Vulnerability : CVE-2026-43081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI...
CVE-2026-42238
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...
Astra Linux - vulnerability in golang-1.19, golang-1.23
Creating a malicious file using cmd/go can result in writing to a file controlled by an attacker, with partial control over the file’s content. The cgo pkg-config: directive in a Go source file provides command-line arguments that are passed to the Go pkg-config command. An attacker can provide a...
rustdx-cmd (>=0.1.0 <=0.3.0) potentially affected by unknown CVE via rustdx (>=0.2.5 <=0.3.0)
rustdx CARGO version =0.2.5, =0.1.0, =0.3.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0123...
EUVD-2026-26620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails When hci_cmd_sync_queue_once returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-31595
A flaw was found in the Linux kernel's pci-epf-vntb module. This vulnerability occurs due to improper handling of the cmd_handler work during the epf_ntb_epc_cleanup process. If the delayed work is not disabled before clearing BAR mappings and doorbells, the handler can attempt to access resources th...
CVE-2026-31595
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup Disable the delayed work before clearing BAR mappings and doorbells to avoid running the handler after resources have been torn down. Unable to handle kernel...
CVE-2026-31595
CVE-2026-31595 affects the Linux kernel PCI endpoint driver for the vntb (pci-epf-vntb) where the cleanup path epf_ntb_epc_cleanup does not disable the delayed work before clearing BAR mappings and doorbells. The referenced details describe that if the delayed work isn’t disabled, the cmd_handler...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013779)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013779 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: trace-cmd record -e...