Astra Linux - уязвимость в python-django

A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are vulnerable to a denial-of-service attack due to very large inputs containing a specific sequence of characters...

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5087065)

2026-05 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 KB5087065...

2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5087544)

2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems KB5087544...

CVE-2026-41661

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msgwindow.php. The endpoint passes user input through htmlspecialchars, which does not encode...

CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

CVE-2026-34384 Admidio: Missing CSRF Protection on Registration Approval Actions

Admidio is an open-source user management solution. Prior to version 5.0.8, the createuser, assignmember, and assignuser action modes in modules/registration.php approve pending user registrations via GET request without validating a CSRF token. Unlike the deleteuser mode in the same file which...

CVE-2026-34383

Affected product: Admidio open-source user management. Vulnerability: In versions before 5.0.8, the inventory module’s item_save endpoint accepts a user-controllable POST parameter named “imported” that, when true, bypasses both CSRF validation and server-side form validation. An authenticated us...

CVE-2026-34382 Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently...

CVE-2026-34382

Admidio (open-source user management) has a CSRF protection issue in the delete mode handler of mylist_function.php. From version 5.0.0 up to 5.0.7, deleting list configurations could occur without validating a CSRF token, allowing an authenticated user’s page to silently destroy their own list c...

CVE-2026-34382 Admidio: Missing CSRF Protection on Custom List Deletion in mylist_function.php

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently...

CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

PT-2026-29349

Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.7 Description The delete mode handler in mylist function.php does not validate a CSRF token before permanently deleting list configurations. An attacker can exploit this by luring an authenticated user to a...

CVE-2022-50871

creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...

PT-2026-25253

Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through = 5.0.8...

CVE-2025-54161

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

VulnCheck KEV: CVE-2024-56159

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

WordPress plugin WpEvently 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003578)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003578 advisory. The Siemens R3964 line discipline driver in drivers/tty/nr3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Tenable has extracted the preceding...

CVE-2022-50863

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode...

CVE-2022-50833

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...