Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mt6797-mt6351 – Fixed the refcount leak in mt6797mt6351devprobe. The ofparsephandle function returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Add th...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: - For partitions: fixed handling of bogus partition tables. Several issues in partition probing have been fixed: - The bailout mechanism for a bad partoffset must use putdevsector, since the previous readpartsector operation...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rbd: Avoid use-after-free in dorbdadd, when rbddevcreate fails. If obtaining an ID or setting up a work queue in rbddevcreate fails, a use-after-free occurs on rbddev-rbdclient, rbddev-spec, and rbddev-opts in dorbdadd. The root...

PT-2026-42374

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021602)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021602 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bondsetupbyslave Commit 9eed321cde22 net: lapbether: only support...

Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

PT-2026-41963

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

CVE-2026-32849 NetBSD Signed Integer Overflow in cryptodev_op via cryptodev.c

NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodevop function in sys/opencrypto/cryptodev.c where the local variable iovlen is declared as a signed int but assigned from an unsigned cop-dstlen value, causing undefined behavior when cop-dstlen exceeds...

EUVD-2026-29404

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins...

GHSA-79CF-XCQC-C78W webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins vulnerability discovered by ? in WordPress Npm webpack-dev-server versions = 5.2.3...

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Impact When webpack-dev-server is running on a non-HTTPS origin the default, cross-origin requests from malicious websites can load the dev server's JavaScript bundles via tags. The fix introduced in v5.2.1 CVE-2025-30359 relied on Sec-Fetch-Mode and Sec-Fetch-Site request headers to block these...

GHSA-6V92-PH9P-HRPC AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

CVE-2026-8783

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

CVE-2026-8782

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

Linux Distros Unpatched Vulnerability : CVE-2026-6402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the RANConfiguration function in the file ngap/handler.go, which allows null pointer...

Malicious Package

Overview apple-internal-dev-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

OpenStack Ironic: Pre-Validation Checksum Calculation allows Denial of Service (DoS) via Infinite Block Devices

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...