Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Validated EaNameLength in smb2getea The smb2getea function reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length. However, it does not verify that the length of the...

HCL BigFix Cloud Lifecycle Management 安全漏洞

HCL BigFix Cloud Lifecycle Management is a terminal lifecycle management platform developed by the Indian company HCL. HCL BigFix Cloud Lifecycle Management has a security vulnerability, which stems from insufficient input validation. This vulnerability may lead to information leaks and allow...

PT-2026-46738

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in DevTools allows an attacker to leak cross-origin data. This occurs when a user is convinced to install a crafted malicious Chrome Extension...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from insufficient execution of WebView policies on Android, which could allow remote attackers to leak cross-source data through...

SUSE-SU-2026:21725-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues Security issue: - CVE-2025-35979: data leaks fixed in 20260512 release bsc1265189. Non security issues: - TW 20250826 Kernel 6.16.3 tainted with value of 4 after reboot. bsc1249138. - Intel CPU Microcode was updated to the 20260512 release...

MAL-2026-4373 Malicious code in @budetzz/libsignal-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2dbcccc761971dfc5f844f59f362fe32ee1e0b9a3cd91ddd4fc87be5c8b013a The package is published under the name @budetzz/libsignal-node, impersonating the well-known libsignal Signal-protocol library, but the homepage and...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability that stems from an authorization bypass in the calendar event front-end dialog box. This vulnerability could lead to cross-calendar data leaks...

Astra Linux - уязвимость в linux-5.10, linux

An incorrect TLB flush issue was detected in the Linux kernel’s GPU i915 kernel driver. This flaw may lead to random memory corruption or data leaks. It could also allow a local user to crash the system or escalate their privileges on the system...

Astra Linux - уязвимость в linux-5.10, linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

Auditing Apple'S DifferentialPrivacy.Framework: Implementation Bugs, Misconfigurations, and Practical Risks

Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy DP. Apple's DifferentialPrivacy.framework is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes...

AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks

AI agent security starts with a simple fact: the more authority an agent has, the tighter its access…...

IT threat evolution in Q1 2026. Non-mobile statistics

IT threat evolution in Q1 2026. Non-mobile statistics IT threat evolution in Q1 2026. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

EUVD-2026-30453

Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

USN-8236-1 slurm-wlm vulnerabilities

It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2023-41914 Ryan Hall discovered that Slurm did not correctly enforce certai...

GHSA-4GP8-RJRQ-CH6Q link-preview-js vulnerable to IPv6 and internal loopback attacks

Impact The library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. Patches Problem has been patched in version 4.0.1. However, it cannot be completely solved by the package alone. T...

PT-2026-36988

Name of the Vulnerable Software and Affected Versions Axios versions 1.0.0 through 1.15.1 Description Axios is a promise-based HTTP client for the browser and Node.js. The HTTP adapter reads five configuration properties—auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser—via direct...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Shmem writes are flushed before mapping buffers with cached mappings. The shmem layer zeroes out new pages using cached mappings. If we do not flush these writes using the CPU, we might leave dirty cachelines behind,...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in vDPA with the VDUSE backend. Currently, there are no checks in the VDUSE kernel driver to ensure that the size of the device configuration space is consistent with the features advertised by the VDUSE user-space application. In the event of a mismatch, the Virtio driver...