Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Release flowtable after the rcu grace period with an error. The function synchronizercu is called after unregistering the hooks from the error path. This is because a hook that already references this...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: add a check for dpuplaneatomicprintstate to prevent invalid sspp values. Similar to the rpipe sspp protection, a check is added to prevent printing of the pipe’s state in a way that could lead to a NULL pointer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - net: genl: fixed a memory leak in the error path during policy dumping. - If the construction of the policy array fails when recording non-first policies, we need to unwind the process. - The netlinkpolicydumpaddpolicy...

The-Full-Attack-Chain

⚔️ The Full Attack Chain — Capstone Red Team Engagement Int...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Do not perform hex dumping of plaintext password data. setnewpassword performs hex dumping of the entire buffer, which contains plaintext password data, including current and new passwords. Remove...

Eternalblue-ms17-010-lab

01-EternalBlue-MS17-010-README.mdhttps://github.com/user-atta...

hdd-toolkit

HDD Firmware Toolkit A comprehensive Python toolkit for dumpi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013071)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013071 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007276 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...

CVE-2026-23412 netfilter: bpf: defer hook memory release until rcu readers are done

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping hooks via nfnetlinkhooks: BUG: KASAN: slab-use-after-free in nfnlhookdumpone.isra.0+0xe71/0x10f0 Read...

CVE-2026-34553

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate and output produced by CIccMBB::Describe via CLUT dumping. This issue has been patched in version 2.3.1....

CVE-2026-34547

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior UB condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6...

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own...

Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf

CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...

injectproof

InjectProof The SQL injection scanner that finds what sqlma...

System-Exploitation-Privilege-Escalation

System Exploitation & Privilege Escalation Lab 📄 Project O...

CVE-2026-Termius

Termius macOS Application Vulnerability Report CVE-2026-Termi...

CVE-2022-26283

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the viewplan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...

CVE-2022-26285

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...

CVE-2022-26284

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manageclient endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests...