16822 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: fixed the PREEMPTRT raw/bh spinlock nesting issue for async VC handling The code has been changed to use a local lock instead of the raw spinlock provided by the completion structure in the idpfvcxn struct. This conversion ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper function to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm. From kcontrol, we will receive a NULL...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: The clearwalkcontrol function sets ctx-walkcontrol to the control structure provided by the caller before checking whether the context is running. If the context is inactive i.e., damonisrunning returns false, the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed an invalid wait context in ctxschedin Lockdep identified a bug in event scheduling when a pinned event failed, causing threads in the ring buffer to be awakened as described below. It seems that the wait-queue lo...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: accel/amdxdna: Fixed a crash that occurred when destroying a suspended hardware context. If the user space sends an ioctl to destroy a hardware context that has already been automatically suspended, the driver may crash becaus...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevents concurrent access to the IPSec ASO context. The querying or updating of IPSec offload objects occurs through the Access ASO WQE. The driver uses a single mlx5eipsecaso structure for each PF, which contains a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Sleepable kprobemulti programs are rejected during attachment. kprobe.multi programs run in atomic/RCU contexts and cannot sleep. However, bpfkprobemultilinkattach did not validate whether the program being attached had the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RSS context deletion logic We need to free the corresponding RSS context VNIC in the framework FW every time an RSS context is deleted in the driver. The commit 667ac333dbb7 added a check to delete the VNIC in t...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Moving vbus draw to the workqueue context Currently, the dwc3gadgetvbusdraw function can be called from an atomic context. This, in turn, invokes APIs from the power-supply-core. Some of these PMIC APIs have...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: soc/tegra: pmc: Fixed the unsafe generichandleirq call. Currently, when resuming from system suspension on Tegra platforms, the following warning is observed: WARNING: CPU: 0 PID: 14459 at kernel/irq/irqdesc.c:666 Call trace:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the owner of the durable handle upon reconnection. Currently, ksmbd does not verify whether the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: veth: Reduced the duration of the XDP operation by modifying the nodirect return section to avoid race conditions. As explained in the commit fa349e396e48 “veth: Fixed a race condition involving AFXDP, which exposes old or...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Fixed the issue where the sevreceivestart command failed due to the absence of the decommission step. The current SEV context must be discontinued if binding an ASID fails after a receivestart. According to AMD’s SEV AP...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dm: Do not attempt to queue IO under RCU protection. The dm function looks up the table for IO based on the request type. It assumes that if the request is marked as REQNOWAIT, it’s safe to attempt to submit that IO while under t...
Astra Linux - уязвимость в golang-1.19
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid using GFPKERNEL in an atomic context. Using GFPKERNEL in a preemption-disabled context results in the following warning when CONFIGDEBUGATOMICSLEEP is enabled. 32.542271 BUG: A sleeping function was called fro...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: rcv: process: Fix kernel gp leakage childregs represents the registers that are active for the new thread in the user context. For a kernel thread, childregs-gp is never used, as the kernel’s gp value is not touched by the switch...
CVE-2026-5075
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wplocalizescript in post editor contexts without effective masking for...
CVE-2026-6404 Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter
The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'anomifyapikey' parameter in versions up to and including 0.3.6. This is due to insufficient input sanitization and missing output escaping: the plugin applies sanitizetextfie...
VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers
Model Context Protocol MCP has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can...