Astra Linux – Vulnerability in grub2

A stack overflow flaw was discovered while reading a BFS file system. A specially crafted BFS file system may lead to an uncontrolled loop, causing grub2 to crash...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fixed NULL pointer dereferencing in cs35l41hdareadacpi The acpigetfirstphysicalnode function may return NULL. In such cases, the getdevice function also returns NULL. However, this value is then dereferenced...

FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions

...

SUSE CVE-2026-31703

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...

CVE-2026-42779

creationtimestamp| type| source ---|---|--- 2026-05-01 12:50:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mks65q3xcz2i 2026-05-01 13:10:45+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mks7bkcvh72o 2026-05-02 15:00:06+00:00| seen|...

Cisco Adaptive Security Appliance (ASA) Software OSPF DoS Vulnerabilities (cisco-sa-asaftd-ospf-ZH8PhbSW)

According to its self-reported version, Cisco ASA Software is affected by multiple vulnerabilities. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

CVE-2026-28532

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

CVE-2026-28532

FRRouting before 10.5.3 is affected by an integer overflow in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16_t accumulator truncates uint32_t values returned by TLV_SIZE(), causing the loop termination condition to fail while pointer advancement continues. An at...

Netfoil has incorrect allowlist enforcement

Summary Rules could be bypassed by changing the first character: example.com could be be bypassed by e.g. fxample.com. Details Off-by-one error in the suffixtrie implementation. Impact The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traff...

PT-2026-35894

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description curl may erroneously pass credentials intended for a first proxy to a second proxy. This occurs when curl is configured to use different proxies for different URL schemes, the first proxy requir...

PT-2026-35896

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When configured to use a .netrc file for credentials and to follow HTTP redirects, libcurl may leak the password used for the initial host to the subsequent host during the redirect process...

CVE-2026-7296

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

CVE-2026-41386

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...

CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

EUVD-2026-26146

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

CVE-2026-7296

SourceCodester Pizzafy Ecommerce System 1.0 contains an XSS vulnerability in the admin/ajax.php?action=save_order function, triggered by manipulation of the first_name argument. Remote exploitation is possible and exploits have been published. No remediation or patch details are provided in the s...

CVE-2026-7296

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...

CVE-2026-41386 OpenClaw < 2026.3.22 - Privilege Escalation via Unbound Bootstrap Setup Codes

OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope...

CVE-2026-41386

OpenClaw is affected by a privilege-escalation vulnerability in bootstrap pairing where unbound bootstrap setup codes can be misassociated with device roles/scopes. Affected software: openclaw (npm). Vulnerable versions are