Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed a possible crash that occurred when setting up bsg failed. If bsgsetupqueue fails, the bsgqueue is assigned a non-NULL value. As a result, in mpi3mrbsgexit, the condition “if!mrioc-bsgqueue” will not be...

Astra Linux - уязвимость в glib2.0

A issue was discovered in GNOME GLib before version 2.78.5, and also in versions 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfcdebugfslockstatwrite buffer overflow A static code analysis tool identified the possibility of buffer overflow when using copyfromuser for a debugfs entry. Currently, it is possible that copyfromuser copie...

Astra Linux - уязвимость в qemu

A NULL pointer dereference flaw was discovered in the SCSI emulation support of QEMU in versions prior to 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The greatest threat from this vulnerability is to system availability...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression issue related to the removal of the procfs host directory The commit fc663711b944 “scsi: core: Removed the /proc/scsi/$procname directory earlier” fixed a bug related to module loading/unloading...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Freeing irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq. This will cause a kernel BUG like...

Astra Linux - уязвимость в edk2

A BIOS bug in the firmware of a specific PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently cause damage to the system’s performance...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fixed an array overflow issue in stsetup. The array size is now adjusted to match the parameter size, rather than using a fixed value...

MAL-2026-4239 Malicious code in etherjs-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 335b4f699510e2bb1171a9137655f6977d5554f508e612eab97b4239c1249be1 package.json declares a postinstall script that performs an HTTPS GET to an ephemeral pinggy-free.link tunnel URL...

PT-2026-42185

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0...

MAL-2026-3830 Malicious code in @zentrafinance/contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 867d053632b3bcc143ed8f9f0f75a1dccdc210cede972e8006d698ef796793e5 The package @zentrafinance/contracts was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3833 Malicious code in zentra-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e01d6a4a54894203355e9b44bb2489f91006985ffc2ea5d5650b172653cd76c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3827 Malicious code in string-manipulation-typescript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bed3d44d42fd732fc0b3ec3b59c8c75fea479f97b78de4982c5b75bafd9af25 The package string-manipulation-typescript was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3824 Malicious code in parse-regex-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d7619f0cfdbd6c6bd09c366186aa4b333ed935b4bc33580097d598b3fc8bd5b The package parse-regex-string was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3797 Malicious code in dowload_ebok_stalking_jack_the_ripper_by_kerri_maniscalco_james_patterson_b529t (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1486e8a5f17dfc7a56252ff489f714a2ab7a0befd20da59b43d93d31f8587149 The package dowloadebokstalkingjacktheripperbykerrimaniscalcojamespattersonb529t was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3801 Malicious code in the_secret_of_running_by_hans_van_dijk_ron_van_megen_02jsk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11aa0239d26b0aae85ed4e3f9bc78838fbdfd47beb4bc9ab701687cb7081513e The package thesecretofrunningbyhansvandijkronvanmegen02jsk was found to contain malicious code. Source: ghsa-malware...

Malicious code in babel-6-compatibility (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8087b9d84c49b5f44fe119e347d1fe658395eb8af859209bcf8884716692229d The package babel-6-compatibility was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3793 Malicious code in simple-date-diff-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fb5f213f91d456c5ac949bf0995ee5310b944a9bf102b429edec11a99cfb6bf The package simple-date-diff-utils was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3779 Malicious code in alicloud-pop-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8996db2a99f506044afe3fa7d1776936c419425988ce0adab16938e0b1c72498 The package alicloud-pop-core was found to contain malicious code. Source: ghsa-malware...

CVE-2026-8560

CVE-2026-8560 describes a heap buffer overflow in SwiftShader used by Google Chrome on macOS and iOS, prior to Chrome 148.0.7778.168. The vulnerability allows a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. Affected component: SwiftShader within Chrome; impact i...