Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
EUVD-2026-40143
Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...
CVE-2026-57958
Summary: Mixpost
PYSEC-2026-499 pyload-ng vulnerable to RCE with js2py sandbox escape
Summary: Any pyload-ng instance running under Python 3.11 or below is vulnerable to RCE. An attacker can send a request containing any shell command and the victim server will execute it immediately. Details: js2py has a sandbox escape vulnerability, assigned CVE-2024-28397, which is used by the...
CVE-2026-57323
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions...
EUVD-2026-39735
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions...
CVE-2026-57323 WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions...
CVE-2026-57323
The CVE-2026-57323 entry concerns the WordPress Flash & HTML5 Video plugin (versions <= 2.11.0). Affected component: the Flash & HTML5 Video functionality within the WordPress plugin. Root cause: Unauthenticated Broken Access Control, enabling access to resources without authentication. Impact...
PT-2026-52942
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: In the f2fs module, the f2fs_sbi_show function reads extension_list, extension_count, and hot_ext_count without holding the sb_lock. If a concurrent sysfs store operation modifies the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: The return value of f2fs_recover_fsync_data has been fixed. With the following scripts, a panic will occur in f2fs: bash mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fs_io fsy...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: A fix was made to perform a sanity check on the destination blkaddr during recovery. As Wenqing Liu reported in Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=216456 loop5: A change in capacity was detected, from 0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove the SCSI host only if it has been added. If the host attempts to remove the ufshcd driver from a UFS device, a kernel panic will occur if the ufshcd_async_scan function fails during ufshcd_probe_hba. This issu...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas_flash: allow user copy to flash block cache objects. With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the /proc/powerpc/rtas/firmware_update interface to prepare a system firmware update results in a BUG:...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid potential deadlocks. The function f2fs_trylock_op was used in f2fs_write_compressed_pages to prevent potential deadlocks, just as we did in f2fs_write_single_data_page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed the issue where dcc->f2fs_issue_discard was not invalidated during the error path. Syzbot reports a NULL pointer dereference issue as follows: refcount_add include/linux/refcount.h:193 inline refcount_inc...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fixed the refcount leak in ap_flash_init. of_find_matching_node returns a node pointer with a refcount incremented; we should use of_node_put on it when there is no longer a need for it. Add the missing of_node_put call to avoi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: F2FS: fixed potential corruption when moving a directory. F2FS also has the same issue in ext4_rename, which causes a crash, as revealed by xfstests/generic/707. See also commit 0813299c586b “ext4: Fix possible corruption when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: The WARN_ON_ONCE call has been removed from ufshcd_uic_cmd_compl. The UIC completion interrupt may be disabled while a UIC command is being processed. When the UIC completion interrupt is re-enabled, a UIC interrupt i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed by removing the unnecessary f2fs_bug_on function to avoid panics. The verify_blkaddr function will trigger a panic once we introduce a fault into f2fs_is_valid_blkaddr; this unnecessary f2fs_bug_on function has been remove...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Synchronize atomic write aborts. To address the race condition between atomic write aborts, I use the inode lock and ensure that the COW inode can be reused throughout the entire lifetime of the atomic file inode...