RockyLinux 10 : systemd (RLSA-2026:18153)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18153 advisory. systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump CVE-2025-4598 Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-44660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and...

systemd security update

An update is available for systemd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The systemd packages contain systemd, a system and service manager for Linux...

CVE-2026-45845

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and stores NULL into q-qdiscscl - 1. Subsequent RTMGETTCLASS dump operatio...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the net/sched/taprio module failing to perform null pointer checks on deleted sub-qdisc objects...

RockyLinux 9 : systemd (RLSA-2025:22660)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:22660 advisory. systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump CVE-2025-4598 Tenable has...

RLSA-2025:22660 Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PowerPC: Do not attempt to copy PPR for tasks with NULL pt regs. The PowerPC architecture sets PFKTHREAD and PFIOWORKER to NULL pt regs. From my arguably very brief testing, this is not commonly done for other architectures. This...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: Defer the release of memory until after the rcu readers have finished their operations. Yiming Qian reported a UaF issue when a concurrent process was dumping hooks via nfnetlinkhooks. Bug: KASAN: A...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netlink: Do not hard code the device address length in fdb dumps. syzbot reports that some netdev devices do not have a six-byte address. Replace ETHALEN with dev-addrlen. 1 This applies to devices where dev-addrlen = 4. BUG:...

hdd-toolkit

HDD Firmware Toolkit A comprehensive Python toolkit for dumpi...

PT-2026-41345

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

CVE-2026-43331

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Disable KCOV instrumentation after loadsegments The loadsegments function changes segment registers, invalidating GS base which KCOV relies on for per-cpu data. When CONFIGKCOV is enabled, any subsequent instrumented C...

EUVD-2023-60568

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: tracing: Make sure traceprintk can output as soon as it can be used Currently traceprintk can be used as soon as earlytraceinit is called from startkernel. But if a crash happens, and "ftracedumponoops" is set on the kernel comma...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close netlink supports iterative dumping of data. It provides the following operations: - start – Optional Initiates the dumping process. - dump – The actual dumping process; this...

Astra Linux - уязвимость в ceph

A privilege escalation flaw was discovered in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root through a crash dump, thereby exposing privileged information...

CVE-2026-33448

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

CVE-2026-33448 Format string vulnerability in MacOS clients prior to 14.50

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...