524 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: sctp: Detect and prevent references to a freed transport in sendmsg. sctp_sendmsg() reuses transports whenever possible by performing a lookup based on the socket endpoint and the message destination address. Then,...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nf_tables: The backend for setting up DEAD bits was changed to use the GC transaction API. The old and buggy gc API and the busy mark approach have been replaced with the GC transaction API. No set elements are remov...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: In the tty subsystem, for the n_gsm module, a race condition occurred during the modification of the status line of a dead connection. The gsm_cleanup_mux() function cleans up the GSM-related resources by closing all Data Link Control...
PYSEC-2026-207 durabletask 1.4.1, 1.4.2, and 1.4.3 contain malicious code distributed via a compromised maintainer account
durabletask versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a 35-minute window through a compromised PyPI maintainer account and contained malicious code. On import, the package fetched a remote payload rope.pyz from an attacker-controlled host and executed it. The payload wa...
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...
EUVD-2026-34055
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
CVE-2026-9732
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
WordPress plugin EmergencyWP – Dead Man's switch & legacy deliverance Cross-Site Request Forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress EmergencyWP – Dead Man's switch & legacy deliverance plugin <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin EmergencyWP – Dead Man's switch & legacy deliverance versions <= 1.4.2...
GHSA-RWJR-QJJ3-MQ2F Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
Summary: `modules/categories.php` checks that the supplied type parameter (ANN, EVT, ROL, USF, …) corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType (a category-type code) against mode nam...
Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
Summary: `modules/categories.php` checks that the supplied type parameter (ANN, EVT, ROL, USF, …) corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType (a category-type code) against mode nam...
exit: prevent preemption of oopsing TASK_DEAD task
...
SUSE CVE-2026-46173
In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task. When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedule(), which has a comment saying...
PT-2026-45037
Summary: `modules/categories.php` checks that the supplied type parameter (ANN, EVT, ROL, USF, …) corresponds to a module the actor administers. The follow-up "is this specific category editable by me" check at lines 56-61 is dead code because it compares $getType (a category-type code) against mode nam...
CVE-2026-46173
In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task. When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedule(), which has a comment saying...
CVE-2026-46173
CVE-2026-46173 concerns the Linux kernel. The issue arises when an already-exiting task oopses and make_task_dead() calls do_task_dead() with preemption enabled, while __schedule() must be called with preemption disabled. If a preempted oopsing task is still in the dead-state, finish_task_switch(...
CVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD task
In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task. When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedule(), which has a comment saying...