Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/srpt: Do not register the event handler until the srpt device is fully set up. In rare cases, KASAN reports a use-after-free error in the srptrefreshport function. This appears to occur because the event handler is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Avoid invalid reads in irdmanetevent. The irdmanetevent function should not dereference anything from “neigh” alias “ptr” until it has checked that the event is of type NETEVENTNEIGHUPDATE. Other events are pointed to...

GHSA-R47G-FVHR-H676 DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

INPLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — silent no-op when forceRemove is called on a parent-less node Summa...

CVE-2026-53742

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

CVE-2026-53742 Simple Link Directory through 9.0.4 Stored XSS via Embed Shortcode Attributes

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

PT-2026-48556

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

EUVD-2026-35703

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

CVE-2026-48527

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

CVE-2026-48527

HAX CMS (PHP/NodeJS backends) is affected up to version 26.0.0 by a stored XSS in the /system/api/saveNode endpoint. An authenticated user with page-edit permissions can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name. Affected compon...

CVE-2026-45865

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...

PT-2026-43732

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mctp-i2c device where i2c reads fail to initialize the event handler read bytes. This causes reads to return the val variable from the i2c bus driver. In the cases...

CVE-2026-45865

mctp i2c: initialise event handler read bytes...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: Initializes the bytes read by the event handler. IPMB does not use i2c reads; however, the handler needs to set a value. Otherwise, an i2c read will return an uninitialized value from the bus...

MCP Registry 跨站脚本漏洞

MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained a cross-site scripting vulnerability. This vulnerability originated from the public directory UI; server-side validation only checked whether the URL...

CVE-2026-0236

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

PT-2026-40748

Name of the Vulnerable Software and Affected Versions Prisma Browser on macOS affected versions not specified Description A code injection issue exists where the software fails to properly restrict access to its AppleScript interface. This allows a locally authenticated non-admin user to use an...

EUVD-2026-28774

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw-wq esw-workqueue executes eswfunctionschangedeventhandler - eswvfschangedeventhandler and acquires the devlink lock. .eswitchmodeset acquires devlink lock in devlinknlpredoit -...

CVE-2026-43468

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw-wq esw-workqueue executes eswfunctionschangedeventhandler - eswvfschangedeventhandler and acquires the devlink lock. .eswitchmodeset acquires devlink lock in devlinknlpredoit -...

CVE-2026-43468

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw-wq esw-workqueue executes eswfunctionschangedeventhandler - eswvfschangedeventhandler and acquires the devlink lock. .eswitchmodeset acquires devlink lock in devlinknlpredoit -...

CVE-2026-43468

CVE-2026-43468 affects the Linux kernel net/mlx5 subsystem, where a deadlock can occur between the devlink lock and the esw->work_queue. The deadlock trace involves esw_functions_changed_event_handler executing esw_vfs_changed_event_handler, while eswitch_mode_set acquires the devlink lock and...