EUVD-2026-34129

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...

CVE-2026-46041 greybus: gb-beagleplay: fix sleep in atomic context in hdlc_tx_frames()

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: fix sleep in atomic context in hdlctxframes hdlcappend calls usleeprange to wait for circular buffer space, but it is called with txproducerlock a spinlock held via hdlctxframes -...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Avoid leaving a dangling sk pointer in rfcommsockalloc btsockalloc attaches the allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave a dangling pointer i...

EUVD-2025-209675

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI autoqueue feature for IPCR DL channels MHI stack offers the 'autoqueue' feature, which allows the MHI stack to auto queue the buffers for the RX path DL channel. Though this feature simplifies the client...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in mediapipelinestart The graph walk attempts to follow all links, even if they are not between pads. This can cause a crash, especially with a link of type MEDIALNKFLANCILLARYLINK. This issue is fixed b...

Astra Linux - уязвимость в firefox, thunderbird

The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

GHSA-XRCR-GMF5-2R8J Gogs: Stored XSS via data URI in issue comments

Summary A Stored Cross-site Scripting XSS vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrary JavaScript execution via malicious links. Details The...

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

CVE-2026-3053 DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVE-2026-3052

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. ...

EUVD-2026-7443

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...

CVE-2026-3051

DataLinkDC dinky (up to 1.2.5) is affected by CVE-2026-3051. The vulnerability is in the getProjectDir function of git-related code (dinky-admin/src/main/java/org/dinky/utils/GitRepository.java, Project Name Handler). Improper handling of the projectName argument enables path traversal, with remo...

CVE-2024-54192

CVE-2024-54192 affects Tcpreplay 4.5.1. A crafted file can trigger a denial of service via the tcpedit_dlt_getplugin function in src/tcpedit/plugins/dlt_utils.c, enabling a local attacker to disrupt operation. The provided description specifies the vulnerable component and impact but does not inc...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39977...

CVE-2025-15282 Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

MiracleLinux 9 : nodejs:18 (AXSA:2024-8778:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8778:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004252)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004252 advisory. A flaw was found in the HDLCPPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation i...

CVE-2026-22025

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP...

CVE-2026-21900

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in...