7 matches found
CVE-2026-11764 Data exposed without proper permission
When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed an unreferenced object issue reported by kmemleak in ubiresizevolume. There is also a memory leak issue reported by kmemleak: An unreferenced object with a size of 128 bytes is causing a memory leak: 0xffff888102007a00...
CVE-2026-43363
A flaw was found in the Linux kernel. When resuming from suspend to RAM s2ram, the system's firmware may incorrectly re-enable x2apic mode, even if the kernel had previously disabled it. This mismatch causes the kernel to operate with an incompatible interface, leading to system hangs and a Denia...
CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loopbac...
CVE-2023-31728
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface...
CVE-2022-30245
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...
The name of the function to setup a vesting in the interface IVesting.sol doesn’t match with the name of the function to setup a vesting in StakeCitadelVester.sol.
Lines of code Vulnerability details Impact Users will not be able to withdraw their funds . Proof of Concept When a user wants to withdraw his tokens from StakedCitadel.sol, vesting is supposed to be set and tokens are sent to the vesting contract where they are vested linearly for 21 days. This ...