5228 matches found

Redos
added 2026/05/05 12:0 a.m., 3 views

ROS-20260505-73-0056

Vulnerability in python3.10 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 5.9 | AI score 7.5 | EPSS 0.00463
Exploits: 0

Redos
added 2026/05/05 12:0 a.m., 5 views

ROS-20260505-73-0055

Vulnerability in python3 related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 5.9 | AI score 7.5 | EPSS 0.00463
Exploits: 0

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fixed the crash that occurred when using WRITE_SAME without a data buffer. In the newer version of the SBC specifications, there’s an NDOB bit that indicates that there is no data buffer being written. If this bit is...

CVSS 7.8 | AI score 6.6 | EPSS 0.00176
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.6 has a DoS vulnerability when it parses XMLs that contain many elements with the same local name attribute. If you need to parse untrusted XMLs using tree parser APIs like REXML::Document.new, you may be vulnerable to this...

CVSS 5.9 | AI score 6.2 | EPSS 0.01205
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in jQuery

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources, even after sanitizing it, to one of jQuery’s DOM manipulation methods (e.g., .html(), .append(), etc.) may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

CVSS 6.9 | AI score 6.6 | EPSS 0.8383
Exploits: 6 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the kernel/bpf/hashtab.c file within the Linux kernel, up to version 5.13.8, there is an integer overflow and out-of-bounds write vulnerability when multiple elements are placed in a single bucket. NOTE: Exploitation may be impractical without the CAP_SYS_ADMIN capability...

CVSS 7.8 | AI score 6.3 | EPSS 0.0032
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89 – fixed a potential leak in rtw89_append_probe_req_ie(). Perform kfree_skb(new) before goto out to prevent potential leaks...

CVSS 5.5 | AI score 5.2 | EPSS 0.0014
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

The nf_tables_newset function in net/netfilter/nf_tables_api.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nft_set_elem_expr_alloc. A local user can...

CVSS 5.5 | AI score 6.3 | EPSS 0.00316
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails. From the abort path, nft_mapelem_activate() needs to restore refcounters to their original state. Currently, it uses set->ops->walk() to iterate over these set elements. The...

CVSS 5.5 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 18 views

Astra Linux – Vulnerability in Chromium

Before version 106.0.5249.91, a use-after-free in Custom Elements in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.4 | EPSS 0.00713
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerabilities in Python 2.7, Python 3.11, Python 3.7

When constructing nested elements using xml.dom.minidom methods like appendChild(), which rely on _clear_id_cache(), the algorithm has a quadratic complexity. This can affect the availability of documents when they are constructed with excessively nested structures...

CVSS 6.3 | AI score 6.2 | EPSS 0.00696
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211 – Fix for buffer overflow in elem comparison. For vendor elements, the code assumes that 5 octets are present without checking them. Since the element itself has already been checked for compatibility, we only need...

CVSS 7.8 | AI score 6 | EPSS 0.00264
Exploits: 0 | References: 2

Patchstack
added 2026/05/01 9:15 a.m., 3 views

WordPress Unlimited Elements For Elementor plugin <= 1.5.140 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions <= 1.5.140...

CVSS 6.1 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/04/30 10:16 p.m., 2 views

CVE-2026-1577

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVSS 6.5 | EPSS 0.00335
Exploits: 0 | References: 1

EUVD
added 2026/04/30 9:49 p.m., 6 views

EUVD-2026-26439

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVSS 6.5 | AI score 5.2 | EPSS 0.00335
Exploits: 0 | References: 1

Veracode
added 2026/04/30 8:44 a.m., 6 views

Cross-site Scripting

DOMPurify is vulnerable to Cross-site Scripting. The vulnerability is due to reliance on prototype-inherited properties during sanitization, where a prior prototype pollution can inject permissive tagNameCheck and attributeNameCheck logic, allowing malicious elements and attributes including...

CVSS 6.9 | AI score 5.3 | EPSS 0.00205
Exploits: 0 | References: 3 | Affected Software: 1

Redos
added 2026/04/30 12:0 a.m., 4 views

ROS-20260430-73-0001

A vulnerability in valkey is related to insufficient neutralization of special elements in a request. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8.5 | AI score 6 | EPSS 0.00415
Exploits: 0

RedhatCVE
added 2026/04/29 2:49 p.m., 3 views

CVE-2026-39708

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS. This issue affects UiCore Elements: from n/a through <= 1.3.14...

CVSS 6.5 | AI score 5.2 | EPSS 0.00133
Exploits: 0 | References: 1

OSV
added 2026/04/29 1:21 p.m., 3 views

JLSEC-2026-318

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c)...

CVSS 8.8 | AI score 8.6 | EPSS 0.00912
Exploits: 0 | References: 2

CNNVD
added 2026/04/29 12:0 a.m., 4 views

MyBB Recent threads cross-site scripting vulnerability

MyBB Recent threads is a plugin provided by MyBB Corporation that displays the latest topic lists on forums. Version 17.0 of MyBB Recent threads contains a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting, allowing attackers to inject malicious...

CVSS 7.2 | AI score 5.9 | EPSS 0.00261
Exploits: 1 | References: 1