Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: Deallocating the damoncall function fails, resulting in the damonctx object being leaked. The damonstatstart function always allocates the module’s damonctx object damonstatcontext. However, if the damoncall functi...

CVE-2026-39434

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

CVE-2026-39434 WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

CVE-2026-39434

CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions

PT-2026-49369

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx

In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed an invalid wait context in ctxschedin Lockdep identified a bug in event scheduling when a pinned event failed, causing threads in the ring buffer to be awakened as described below. It seems that the wait-queue lo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: A potential memory leak was fixed in damonreclaiminit. damonreclaiminit allocates a memory chunk for ctx using damonnewctx. When damonselectops fails, the ctx is not released, which will lead to a memory leak. W...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Added a lock to protect the encoder context list. A lock was added for the ctxlist to prevent accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist is deleted due to an unexpect...

PT-2026-36451

In the Linux kernel, the following vulnerability has been resolved: bnxt en: set backing store type from query type bnxt hwrm func backing store qcaps v2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctx arr...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011113)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011113 advisory. In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command,...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-34944 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34944 Source advisory: OSV:GHSA-QQFJ-4VCM-26HV...

WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin CTX Feed versions = 6.6.26...

UBUNTU-CVE-2026-23421

In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctxrestoremidbb in release ctxrestoremidbb memory is allocated in wabbstore, but xeconfigdevicerelease only frees ctxrestorepostbb. Free ctxrestoremidbb0.cs as well to avoid leaking the allocation when the...

EUVD-2026-15253

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

UBUNTU-CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-27959 Koa has Host Header Injection via `ctx.hostname`

Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:GHSA-852M-CVVP-9P4W...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:RUSTSEC-2026-0020...

CVE-2025-12975

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...