CVE-2026-48140

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

CVE-2026-9142 Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-48138

CVE-2026-48138 affects NI’s grpc-device streaming API and is an out-of-bounds read caused by a missing bounds check. Affected versions are NI grpc-device 2.17.0 and earlier. The vulnerability can lead to denial of service when an attacker sends a specially crafted write request. Exploitation deta...

CVE-2026-48137

Summary: CVE-2026-48137 is an untrusted pointer dereference in the NI grpc-device sideband streaming API affecting NI grpc-device 2.17.0 and earlier. A attacker can cause an arbitrary memory dereference and potentially remote code execution by sending a specially crafted Moniker protobuf message....

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: ti: j721e-evm: Fixed the refcount leak in j721esocprobe. In j721esocprobe, the function ofnodeput is used to remove nodes from the list. However, after the function ofnodeput is called, the refcount of the node is not...

EUVD-2026-33992

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

CVE-2026-8036

NI-PAL is affected by improper input validation that may allow a local authenticated user to access arbitrary system memory, enabling privilege escalation. Affected: NI-PAL 26.3.0 and prior on Windows and Linux. Root cause: input validation weakness. Impact: local privilege escalation with potent...

CVE-2026-8035

Technical details for CVE-2026-8035 are not publicly available in the provided documents. Monitor for updates from NI and security advisories.

PT-2026-45848

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

National Instruments Ni-Pal 安全漏洞

National Instruments Ni-Pal is a software component of the American company National Instruments. It serves to provide necessary functions for multiple NI drivers. National Instruments Ni-Pal versions prior to 26.3.0 contain security vulnerabilities. These vulnerabilities stem from improper input...

Human Vulnerability Assessment in Cybersecurity: A Systematic Literature Review of Methods, Models, and Instruments

In cybersecurity, vulnerability assessment has typically focused on identifying and measuring vulnerabilities within digital assets and technical infrastructures. However, there is growing recognition that this approach alone is inadequate without a structured examination of the human factor, whi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix for use-after-free of the CPPI descriptor in the RX path The cppi5hdescgetpsdata function returns a pointer to the CPPI descriptor. In both emacrxpacket and emacrxpacketzc, the descriptor is freed via...

EUVD-2026-27803

In the Linux kernel, the following vulnerability has been resolved: soc: ti: k3-socinfo: Fix regmap leak on probe failure The mmio regmap allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and on...

CVE-2026-43242

In the Linux kernel, the following vulnerability has been resolved: soc: ti: k3-socinfo: Fix regmap leak on probe failure The mmio regmap allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and on...

CVE-2026-43242

In the Linux kernel, the following vulnerability has been resolved: soc: ti: k3-socinfo: Fix regmap leak on probe failure The mmio regmap allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and on...

CVE-2026-43196

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...

Astra Linux – Vulnerability in Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/bridge: sii902x: Fixed the probing race issue A null pointer dereference crash has been observed rarely on TI platforms using the sii9022 bridge: 53.271356 sii902xgetedid+0x34/0x70 sii902x 53.276066...

Zurich Instruments LabOne Q 代码问题漏洞

Zurich Instruments LabOne Q is a software platform for experimental control and automation in quantum computing, developed by the Swiss company Zurich Instruments. There are code vulnerabilities in Zurich Instruments LabOne Q; these vulnerabilities stem from the importcls mechanism in the...

Zurich Instruments LabOne Web Server 路径遍历漏洞

Zurich Instruments LabOne Web Server is a web service component provided by the Swiss company Zurich Instruments. It serves for instrument control, data acquisition, and visualization interface operations. The Zurich Instruments LabOne Web Server has a path traversal vulnerability, which stems fr...