Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named crosecconsolelogwork still accesses the device, resulting in a UAF and system crash. The driver does no...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: hwmon: In the readstring function, the sensor index is checked. This prevents potential invalid memory accesses when the requested sensor is not found. findecsensorindex may return a negative value e.g., -ENOENT, but its result w...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fixed an oops error when removing custom query handlers. When removing custom query handlers, the handler may still be used within the EC query workqueue. This could lead to a kernel oops if the module that holds the...

Astra Linux – Vulnerability in krb5

In kdc/kdcpreauthec.c of the Key Distribution Center KDC in MIT Kerberos 5 also known as krb5, before versions 1.18.4 and 1.19.x, and before version 1.19.2, remote attackers could exploit a vulnerability that led to a NULL pointer dereferencing and a crash of the daemon. This occurs because the...

CVE-2026-54419

PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40263)

In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to buttonsswitchesonly in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in croseckeybprocess when...

Security update for libjxl (important)

openSUSE Security Update: Security update for libjxl Announcement ID: openSUSE-SU-2026:0182-1 Rating: important References: 1266460 Cross-References: CVE-2025-70103 CVSS scores: CVE-2025-70103 SUSE: 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE...

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0–v78.12.0 expose EC private keys via the public /token_keys endpoint, enabling private key disclosure for EC-based JWT signing. Affected components: uaa_release (v76.12.0–v78.12.0) and CF Deployment (v30.0.0–v56.0.0). Root cause: misexposure of EC private key ma...

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

CVE-2026-46134

A flaw was found in the Linux kernel's crosectypec component. This vulnerability occurs because a mutex, a mechanism used to prevent simultaneous access to shared resources, was not properly initialized during Thunderbolt registration. This oversight can lead to a NULL dereference, potentially...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the data-lock mutex is not initialized during Thunderbolt registration using...

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE CVE-2026-23401 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriti...

Amazon Linux 2023 : editorconfig, editorconfig-devel, editorconfig-libs (ALAS2023-2026-1642)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1642 advisory. editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an...

OESA-2026-2258 editorconfig security update

EditorConfig makes it easy to maintain the correct coding style when switching between different text editors and between different projects. The EditorConfig project maintains a file format and plugins for various text editors which allow this file format to be read and used by those editors...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

╔═════════════════════════════════════════════════════════...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

CVE-2026-0073 PoC Wireless ADB TLS Auth Bypass This directo...

CVE-2026-43283

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv-rxbuf.allocphys...

CVE-2026-43283

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv-rxbuf.allocphys...

CLSA-2026-1777999127 Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390

SECURITY UPDATE: fix UAF/double-free in DANE client by using X509free for dane-mcert - debian/patches/CVE-2026-28387.patch: fix UAF/double-free in DANE client by using X509free for dane-mcert - CVE-2026-28387 SECURITY UPDATE: NULL check delta-crlnumber before ASN1INTEGERcmp in checkdeltabase -...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context CVE-2026-23102 In the Linu...