Astra Linux - уязвимость в node-es5-ext

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or functiontoStringTokens may cause the script to stall. This vulnerability has been fixed in v0.10.63...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: ffs: The ffsdataclear function must clear the ffseventfd. This function is indirectly called from both ffsfskillsb and ffsep0release. As a result, it is called twice—once when the userland process closes ep0 and...

Astra Linux - уязвимость в libcaca

A flaw was discovered in libcaca. A buffer overflow in the export.c file, specifically in the exporttroff function, may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в ffmpeg5

FFmpeg v.n6.1-3-g466799d4f5 allows for memory consumption when using the colorcorrect filter, specifically in the avmalloc function located at line 105:9 of the libavutil/mem.c file...

Astra Linux - уязвимость в ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodedeliver function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS. There i...

Astra Linux - уязвимость в php7.3

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8, when using URL validation functionality via the filterVar function with the FILTERVALIDATEURL parameter, a URL with an invalid password field can be accepted as valid. This can cause the code to incorrectly parse the U...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: Filtering invalid inodes with a missing lookup function. A check has been added to the ovldentryweird function to prevent the processing of directory inodes that lack the lookup function. This is important because such inode...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: rtnetlink: Allocate sufficient vfinfo size for VF GUIDs when supported. Commit 30aad41721e0 "net/core: Add support for getting VF GUIDs" added support for obtaining VF port and node GUIDs in netlink’s ifinfo messages. However,...

Astra Linux - уязвимость в libsdl1.2

It was discovered that SDL v1.2 contains a use-after-free issue due to the XFree function in the file /src/video/x11/SDLx11yuv.c...

Astra Linux - уязвимость в emacs

In Emacs versions before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbreviation even when it specifies an unsafe function, such as shell-command-to-string. This issue affects Org Mode before 9.7.5...

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

CVE-2025-15369

CVE-2025-15369 affects the WordPress plugin Xpro Addons — 140+ Widgets for Elementor. All versions up to and including 1.5.0 are vulnerable due to a missing capability check in the get_content_editor function, enabling unauthenticated attackers to modify data and create published Xpro templates. ...

EUVD-2026-31041

The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2cadmin function, combined with missing inp...

CVE-2026-7467

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...

CVE-2026-6394

CVE-2026-6394 affects Nexa Blocks ≤ 1.1.1 (WordPress Gutenberg/FSE plugin). The import_demo() function accepts a user-supplied URL in demo_json_file via POST and forwards it to wp_remote_get() without URL validation or internal-network restrictions, enabling unauthenticated SSRF to arbitrary dest...

CVE-2026-6452

The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgamessyndicatesubmenu function. This makes it possible for unauthenticated attackers to reset...

PT-2026-42262

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...

ROS-20260520-73-0055

A vulnerability in the Navigation function of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

WordPress plugin Child Height Predictor by Ostheimer 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...