Astra Linux - уязвимость в binutils

A vulnerability was discovered in GNU Binutils 2.44 and is classified as problematic. This issue affects the processdebuginfo function in the binutils/dwarf.c file, within the DWARF Section Handler component. The vulnerability results in a memory leak. Local attacks are required to exploit this...

Astra Linux - уязвимость в python-oslo.utils

A flaw was discovered in python-oslo-utils. Due to improper parsing, passwords that contain double quotes " cause incorrect masking in debug logs, resulting in any part of the password after the double quote being displayed as plain text...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in respmodeselect+0xa4c/0xb40 drivers/scsi/scsidebug.c:2509...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix shared irq handling on driver remove lima uses a shared interrupt, so the interrupt handlers must be prepared to be called at any time. At driver removal time, the clocks are disabled early and the interrupts stay...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed NULL pointer dereferencing in i40edbgdumpdesc. When attempting to dump VFs using debugfs, a crash occurred due to NULL pointer dereferencing in i40edbgdumpdesc. A check was added to i40edbgdumpdesc to ensure that the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortexa76erratum1463225debughandler function is called when handling debug exceptions and synchronous exceptions from BRK instructions, and so is called when a probed function executes. If...

arbor-ai (>=0.1.5 <=0.1.14), coreason-runtime (>=0.1.0 <=0.3.0) +11 more potentially affected by CVE-2026-7669 via sglang (>=0.1.26 <=0.5.2)

sglang PYPI version =0.1.26, =0.1.5, =0.1.0, =1.1.0, =2.0.0b40, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.0.1.post1, =0.0.0, =0.8.0, =0.10.7 Source cves: CVE-2026-7669 Source advisory: OSV:GHSA-6M5F-673F-5VH7...

CVE-2026-31721

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fhid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLLCTLADD - unbind the UDC - bind the...

Sensitive Information Disclosure

Apache Kafka is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging of sensitive request and response data at DEBUG level in the NetworkClient component, which allows an attacker with log access to obtain sensitive information...

TP-Link WR841N Router multiple vulnerabilities

RISK EVALUATION Multiple TP-Link products TP-Link Archer C20 V5, Archer C20 6.0, Archer AX53 v1.0 and TL-WR841N v13 are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow an adjacent, unauthenticated attacker to execute administrative commands. 2...

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015477 advisory. A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the...

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...

CVE-2026-7022

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

CVE-2026-7022

CVE-2026-7022 affects SmythOS sre up to 0.0.15. The vulnerability lies in the HTTP Header Handler’s AgentRuntime function (packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts), where manipulation of the arguments X-DEBUG-RUN/X-DEBUG-INJ enables improper authentication. The issue allow...

CVE-2026-7022

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

EUVD-2026-25697

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

SmythOS 授权问题漏洞

SmythOS is an open-source infrastructure for the execution and development of AI agents. Versions of SmythOS 0.0.15 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from the handling of X-DEBUG-RUN/X-DEBUG-INJ parameters in the AgentRuntime function...

SUSE CVE-2026-31648

In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nrpages calculation overflow in filemapmappages When running stress-ng on my Arm64 machine with v7.0-rc3 kernel, I encountered some very strange crash issues showing up as "Bad page state": " 734.496287 BUG: Bad...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /debug/vars endpoint, which exposes the process command line including sensitive startup flags. An attacker can gain unauthorized access to admin-only endpoints by retrieving the admin token and replaying it...