20615 matches found

Positive Technologies
added 2026/05/05 12:00 a.m., 7 views

PT-2026-37214

Name of the Vulnerable Software and Affected Versions: OpenCTI versions 6.6.0 through 6.9.12. Description: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. A privilege escalation issue allows unauthenticated attackers to query the API as any existi...

CVSS 9.8, AI score 5.8, EPSS 0.0048
Exploits: 1, References: 12
CNNVD
added 2026/05/05 12:00 a.m., 6 views

OpenCTI authorization vulnerability

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions 6.6.0 to 6.9.12 of OpenCTI have vulnerabilities related to authorization. Attackers can exploit these vulnerabilities to access the API as any existing user, including the default administrator account...

CVSS 9.8, AI score 5.8, EPSS 0.0048
Exploits: 1, References: 2
Positive Technologies
added 2026/05/05 12:00 a.m., 17 views

PT-2026-37283

Name of the Vulnerable Software and Affected Versions: Network-AI versions prior to 5.1.3. Description: The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry...

CVSS 8.7, AI score 5.8, EPSS 0.00471
Exploits: 0, References: 8
Oracle Linux
added 2026/05/05 12:00 a.m., 12 views

systemd security update

257-13.0.1.el101.3 - Fix detection of Oracle Virtualization or BM envs Orabug: 37531877 - Avoid udevadm warnings when using udev valid configs Orabug: 37503197 - allow dm remove ioctl to co-operate with UEK3 Orabug: 18467469 - set 'RemoveIPC=no' in logind.conf as default Orabug: 22224874 - Fix...

CVSS 5.5, AI score 5.9, EPSS 0.00121
Exploits: 0
Cvelist
added 2026/05/04 6:41 p.m., 32 views

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

CVSS 4.8, EPSS 0.00119
Exploits: 0, References: 1
CVE
added 2026/05/04 4:00 p.m., 17 views

CVE-2026-42374

The CVE affects D-Link DIR-600L Hardware Revision B1 (EOL). A hardcoded telnet backdoor starts a telnet daemon at boot and uses the username "Alphanetworks" with a static password read from /etc/alpha_config/image_sign (wrgn61_dlwbr_dir600L). The custom telnetd accepts -u user:password, and the l...

CVSS 9.8, AI score 5.8, EPSS 0.00472
Exploits: 1, References: 1, Affected Software: 1
Github Security Blog
added 2026/05/04 3:31 p.m., 40 views

Ollama contains a heap out-of-bounds read vulnerability in the GGUF model loader

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

CVSS 9.1, AI score 5.8, EPSS 0.01001
Exploits: 3, References: 5, Affected Software: 1
EUVD
added 2026/05/04 3:17 p.m., 5 views

EUVD-2026-26979

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affect...

CVSS 7.1, AI score 5.8, EPSS 0.00464
Exploits: 0, References: 1
OSV
added 2026/05/04 1:12 p.m., 7 views

JLSEC-2026-420 When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could...

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare...

CVSS 3.4, AI score 5.8, EPSS 0.00635
Exploits: 1, References: 7
OSV
added 2026/05/04 1:12 p.m., 6 views

JLSEC-2026-437 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a...

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

CVSS 5.3, AI score 7.1, EPSS 0.00333
Exploits: 1, References: 6
OSV
added 2026/05/04 8:42 a.m., 4 views

CLSA-2026-1777884162 Fix CVE(s): CVE-2018-8014

Fix build process: - debian/keystores/ca-cert.pem, ca.jks: regenerate self-signed test CA using the existing ca-key.pem previous CA valid only until 21.03.2025. New validity: 21.04.2026 to 18.04.2036. - debian/keystores/localhost-cert.pem, localhost.jks, localhost-copy1.jks: re-issue against the...

CVSS 9.8, AI score 7, EPSS 0.21979
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Tomcat9

The Padding Oracle vulnerability exists in Apache Tomcat’s EncryptInterceptor with the default configuration. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.18, 10.0.0-M1 through 10.1.52, 9.0.13 through 9.0.115, 8.5.38 through 8.5.100, and 7.0.100 through 7.0.109...

CVSS 7.5, AI score 5.8, EPSS 0.03645
Exploits: 1, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in OpenSSL

Issue Summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact Summary: Attackers may exploit certain server configurations to trigger unbounded memory growth, leading to a Denial of Service attack. This issue can occur in...

CVSS 5.9, AI score 6.5, EPSS 0.54026
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in python-pysaml2

PySAML2 is a pure Python implementation of the SAML Version 2 Standard. Before version 6.5.0, PySAML2 had a flaw in the verification of cryptographic signatures. This issue affects users of pysaml2 who use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents. PySAML2...

CVSS 6.5, AI score 6.7, EPSS 0.0118
Exploits: 3, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port-pm on port-specific driver unbind When we unbind a serial port via a hardware-specific 8250 driver, the generic serial8250 driver takes over control of the port. After that, an oops occurs approximately ...

CVSS 5.5, AI score 5.3, EPSS 0.00147
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in Perl

HTTP::Tiny, a Perl core module since version 5.13.9 and available as a standalone package on CPAN, has an insecure default TLS configuration. In this configuration, users are required to explicitly choose to verify certificates...

CVSS 8.1, AI score 7, EPSS 0.01742
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Tomcat9, libcommons-fileupload-java

Apache Commons FileUpload before version 1.5 does not limit the number of request parts that can be processed, which means that an attacker could potentially trigger a Denial-of-Service attack with a malicious upload or series of uploads. It’s important to note that, like all file upload...

CVSS 7.5, AI score 6.7, EPSS 0.46836
Exploits: 1, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Ensure successful attachment when a device is removed unexpectedly. When a PCI device is removed using hotplug, there may still be attempts to attach the device to the default domain as part of cleanup via...

CVSS 7.8, AI score 5.3, EPSS 0.00131
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 16 views

Astra Linux – Vulnerability in Tomcat9

The "Time-of-check Time-of-use" (TOCTOU) race condition vulnerability during JSP compilation in Apache Tomcat allows a race condition on case-insensitive file systems when the default servlet is enabled for writing, which is not the default configuration. This issue affects Apache Tomcat versions from...

CVSS 9.8, AI score 8.4, EPSS 0.42316
Exploits: 13, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 11 views

Astra Linux – Vulnerability in OpenSSH

In OpenSSH 6.2 through 8.x, prior to version 8.8, when certain non-default configurations were used, privilege escalation could occur because supplementary groups were not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand might run with privileges...

CVSS 7, AI score 7.3, EPSS 0.02367
Exploits: 2, References: 2