Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed a potential index out of bounds issue in the color transformation function. The issue could occur when the index ‘i’ exceeds the number of transfer function points TRANSFERFUNCPOINTS. The fix includes a...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavfclose in iavfresettask error handling. Doing so can lead to double call of napidisable, which can lead to deadlock there. Removing VF would lead to iavfremove task being stuck, becau...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Fixed a panic that occurred during namespace deletion with VF. The existing code moves the VF NIC to a new namespace when NETDEVREGISTER is received on the netvsc NIC. During the deletion of the namespace,...

Astra Linux – Vulnerability in binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: can: bcm: bcmtxsetup: fixed KMSAN uninit-value in vfswrite Syzkaller reported the following issues: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Networks: hns3 – The use of numtqps in the vf driver to allocate resources. Currently, hdev-htqp is allocated using hdev-numtqps, and kinfo-tqp is allocated using kinfo-numtqps. However, kinfo-numtqps is set to minnewtqps,...

CVE-2026-7700

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

EUVD-2026-26838

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

CVE-2026-7696 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform uploadH5Files unrestricted upload

A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...

CVE-2026-7692

The CVE-2026-7692 entry documents a remote command-injection vulnerability in Wavlink WL-WN570HA1 firmware (R70HA1 V1410_221110) affecting the ping_ddns function in /cgi-bin/adm.cgi. The underlying issue is manipulation of the DDNS argument, enabling arbitrary command execution. Public exploit av...

CVE-2026-7689

Dolibarr ERP/CRM (up to 23.0.2) is affected by a vulnerability in the Online Signature Module versioning, where dol_verifyHash in htdocs/core/lib/security.lib.php mishandles cryptographic signature verification. This allows a remote attacker to potentially leverage a flawed signature check; explo...

CVE-2026-7683

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has bee...

CVE-2026-7682

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-7684 Edimax BR-6428nC setWAN buffer overflow

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

CVE-2026-7682

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-7682

Edimax BR-6208AC (firmware 1.02) contains a vulnerability in the L2TP Mode setWAN function (/goform/setWAN). The L2TPUserName parameter can be manipulated to induce command injection. The issue is exploitable remotely and has publicly disclosed PoC/exploit code. Vendor did not respond to disclosu...

EUVD-2026-26811

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument...

CVE-2026-7675

CVE-2026-7675 affects Shenzhen Libituo Technology LBT-T300-HW1 devices older than or equal to 1.2.8. The vulnerability is in the function start_lan of the file /apply.cgi , where manipulation of the argument Channel/ApCliSsid leads to a buffer overflow . The issue is exploitable remotely, and pub...