Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: fixed a use-after-free in deviceforeachchild Syzbot has reported the following KASAN issue: BUG: KASAN: slab-use-after-free in deviceforeachchild+0x18f/0x1a0 Size 8 data read at address ffff88801f605308 by task kbne...

SUSE CVE-2025-71290

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function

In the Linux kernel, the following vulnerability has been resolved: misc: tifpc202: fix a potential memory leak in probe function Use foreachchildofnodescoped to simplify the code and ensure the device node reference is automatically released when the loop scope ends...

Astra Linux - уязвимость в linux-5.15, linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the reference count for...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: Ensure that the TX and RX FIFOs are empty at the start of a transfer. When transmitting with rxlen == 0, the RX FIFO will not be emptied in the interrupt handler. As a result, the next transfer might read dat...

Astra Linux - уязвимость в flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: HSI: omapssi: Fixed a refcount leak in ssiprobe. When returning from or prematurely terminating a foreachavailablechildofnode loop, we need to explicitly call ofnodeput on the child node to potentially release the node...

GHSA-FPJQ-C37H-CQCV Kyverno Controller Denial of Service via forEach Mutation Panic

Summary An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion via the forEach mutation handler. An attacker can cause the cluster-wide background controller to crash into a persistent CrashLoopBackOff and disrupt all matching resource operations by creating a specially crafted...

EUVD-2026-25392

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

Siemens SIMATIC S7-1500 Use After Free (CVE-2025-38212)

In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, 0 0: https://lore.ke rnel.org/all/[email protected]/ idrforeach is protected by rwsem, but th...

SUSE CVE-2026-23175

In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndosetrxmode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP." removed the RTNL lock for IPV6ADDMEMBERSHIP and MCASTJOINGROUP operations...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38212)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38212 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using R...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21865)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21865 advisory. - In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in...

CVE-2025-65349

A Stored Cross-Site Scripting XSS vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted payload due to unsanitized repeater AP SSID value when is displayed in any page at...

Each Italy Wireless Mini Router WIRELESS-N 300M has code-related vulnerabilities.

The Each Italy Wireless Mini Router WIRELESS-N 300M is a wireless router produced by Each Italy. There are code vulnerabilities in versions prior to 6.10.5 and 6.11.1, which stem from insecure .NET Remoting exposure in the SmartCardController service. These vulnerabilities could lead to arbitrary...

Each Italy Wireless Mini Router WIRELESS-N 300M has security vulnerabilities

The Each Italy Wireless Mini Router WIRELESS-N 300M is a wireless router produced by Each Italy. There is a security vulnerability in the version v28K.MiniRouter.20190211 of the Each Italy Wireless Mini Router WIRELESS-N 300M. This vulnerability stems from the lack of cleaning of the repeater AP...

CVE-2025-49354

Cross-Site Request Forgery CSRF vulnerability in Mindstien Technologies Recent Posts From Each Category recent-posts-from-each-category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through = 1.4...

EUVD-2025-205880

Cross-Site Request Forgery CSRF vulnerability in Mindstien Technologies Recent Posts From Each Category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through 1.4...

CVE-2025-49354

Technical details for CVE-2025-49354 are not provided in the supplied documents; no product, vendor, impact, or remediation specifics are disclosed here. Monitor for official updates.