CVE-2026-45757

Rocket.Chat before versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allowed users marked inactive by users.deactivateIdle to continue using already-issued login tokens. An administrator-stopped idle users could still access authenticated REST endpoints with the old token. Th...

CVE-2025-71357

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

EUVD-2025-210293

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

CVE-2025-71357 picklescan - Arbitrary Code Execution via Undetected idlelib.pyshell.ModifiedInterpreter.runcommand

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sched/scs: The task stack state is reset in bringupcpu. When a CPU is hot-plugged, the idle task on that CPU calls several layers of C code before finally leaving the kernel. When KASAN is in use, a “poisoned” shadow is left behi...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpslowstartafteridle. When reading sysctltcpslowstartafteridle, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Null checks for ‘stream’ and ‘plane’ were added before dereferencing them. This commit adds null checks for the ‘stream’ and ‘plane’ variables in the dcn30applyidlepoweroptimizations function. These variables wer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Do not decrement the preempt count of the idle task when the CPU is offline. With PREEMPTCOUNT=y, when a CPU is offline and then brought back online, we encounter the following issue: BUG: Scheduling while atomic:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fixed an issue where a “off-by-one” root connection error occurred. Before attaching a new root to the old root, the number of children in the new root was checked to ensure that only the top-level groups of the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: Rejects the reuse of ALARM timer labels in revision 0 rules. In revision 0 rules, reusing timers by label always involves calling modtimer on the uninitialized timer-timer. If the label was created first i...

CVE-2026-6733

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

CVE-2026-33585

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

SUSE CVE-2026-46250

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

EUVD-2026-34112

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

CVE-2026-46250

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

PT-2026-46013

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description On MIPS architecture, the current thread info is defined as a global register variable located in $gp and is assigned a new address during kernel relocation. A bug in LLVM causes it to...

SUSE-SU-2026:21974-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. -...

SUSE SLES15 Security Update : kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2181-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2181-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: -...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2189-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2189-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: -...