9027 matches found
CVE-2026-50221
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...
CVE-2026-54309
CVE-2026-54309 affects n8n when the MCP Browser is run with HTTP transport. The MCP endpoint accepts session initialization and tool invocation without authentication, enabling unauthenticated callers (including websites visited by the user) to access browser-control tools (navigation, JavaScript...
Datart v1.0.0-rc.3 - Remote Code Execution
Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via INIT connection parameters. id: CVE-2025-56819 info: name: Datart v1.0.0-rc.3 - Remote Code Execution author: Redmomn severity: critical description: | Datart v1.0.0-rc.3 contains a vulnerabilit...
EUVD-2026-38339
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...
EUVD-2026-38231
MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...
EUVD-2026-38089
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...
kernel: nvmet-tcp: fix race between ICReq handling and queue teardown
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fixed invalid PNP driver unregistration The Comedi low-level driver “c6xdigio” appears to be for a parallel port-connected device. When the Comedi core calls the driver’s Comedi “attach” handler c6xdigioattach t...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfconntrack: A crash occurred when attempting to remove an uninitialized entry from the hash bucket list. A crash occurred while trying to remove the conntrack entry from the hash bucket list: Exception RIP:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc remained uninitialized. This meant that callers had to explicitly set the fields...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: Initialize the work queue before error checks. A kernel warning is prevented when the netconsole setup fails on devices with the IFFDISABLENETPOLL flag. The warning occurs because the cleanup process attempts to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: gpio: Restrict the use of GPIO chip IRQ members before initialization. The IRQ members of the GPIO chip are exposed before they can be fully initialized, which leads to race conditions. One such issue was observed with the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dropmonitor: corrected the incorrect initialization order. Syzkaller reports the following bug: BUG: spinlock magic values are incorrect on CPU1, syz-executor.0/7995. Lock value: 0xffff88805303f3e0, .magic: 00000000, .owner:...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: stmmac: Clearing the variable when destroying the workqueue Currently, when suspending the driver and stopping the workqueue, it is checked whether workqueue is not NULL. If it is NULL, the workqueue is destroyed. The function...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: lockd: Other missing fields are set when unlocking files. The vfslockfile function expects that the struct filelock structure is fully initialized by the caller. If the flfile field is NULL after re-exporting NFSv3, an OOP err...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer is used by various drivers in various ways, let’s initialize it to zero during allocation, so that it cannot ever be used to leak kernel memory through special...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The sock code: The protection check for psock vs. ULP needs to be reimplemented. Commit 8a59f9d1e3d4 “sock: Introduce sk-skprot-psockupdateskprot” moved the inetcskhasulpsk check from skpsockinit to the new tcpbpfupdateproto...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch – Initialize work before device registration. Syzbot has reported a warning in flushwork. This warning occurs due to work-func == NULL, which indicates that work initialization was missed. This issue can occur...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Fixed a race condition in kprobe initialization that could lead to NULL pointer dereferencing. There is a critical race condition in kprobe initialization that can result in NULL pointer dereferencing and cause the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Fixed corrupted packets for XDPSHAREDUMEM. A issue was addressed in the XDPSHAREDUMEM mode, along with the aligned mode, where packets were corrupted for the second and any subsequent sockets bound to the same umem. In other...