177 matches found
CVE-2026-41522
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...
CVE-2026-41522
Affected software: Iris DFIR-IRIS web collaboration platform. Vulnerable version: earlier than 2.4.28. Issue: optional GraphQL endpoint at /graphql did not enforce the same authorization as the REST API, enabling three unauthorized actions by any authenticated user: (1) IOC read across cases (IDO...
CVE-2026-41522 Iris has an Improper Authorization issue
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed memory leaks in mpi3mr_init_ioc. Do not allocate memory again when the IOC is being reinitialized...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: jfs: Fixed null-ptr-deref in jfs_ioc_trim Syzkaller Report Oops: General Protection Fault, likely for non-canonical addresses 0xdffffc0000000087: 0000 1 KASAN: null-ptr-deref in range 0x0000000000000438-0x000000000000043f CPU: 2...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011261)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011261 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info During...
@bechara/crux (>=6.0.0 <=6.6.2), @cappa/cli (>=0.1.0 <=0.8.2) +11 more potentially affected by CVE-2026-6270 via @fastify/middie (>=9.0.2 <=9.3.1)
@fastify/middie NPM version =9.0.2, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.11, =0.1.51, =1.0.36, =11.0.0, =1.3.0, =5.0.0, =0.6.1-dev, =1.1.48 Source cves: CVE-2026-6270 Source advisory: SNYK:JS-FASTIFYMIDDIE-16098213...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005807)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005807 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim Syzkaller Report Oops: general protection fault, probably f...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005427)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005427 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim Syzkaller Report Oops: general protection fault, probably f...
Increase in Malware Enabled ATM Jackpotting Incidents across United States
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a...
OESA-2026-1078 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info During mpt3sas_transport_port_remove, messages were logged with dev_printk against...
OESA-2026-1073 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info During mpt3sas_transport_port_remove, messages were logged with dev_printk against...
UBUNTU-CVE-2023-54271
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init blk-iocost sometimes causes the following crash: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... RIP: 0010:_raw_spin_lock+0x17/0x30...
CVE-2023-54271
CVE-2023-54271 concerns a NULL pointer dereference in the Linux kernel related to block cgroup handling. The issue arises when blkcg_activate_policy installs blkg_policy_data before ioc_weight policy data is fully initialized, causing a race with ioc_weight_write() that can encounter an uninitial...
UBUNTU-CVE-2025-68303
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipc_dev" when the intent was to pass the pointer itself "punit_ipc_dev" without the ampersand. This means that the:...
CVE-2025-64987
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...
CVE-2025-64987 Command Injection in 1E-Explorer-TachyonCore-CheckSimpleIoC Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...
PT-2025-50594
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables...
@cartesi/rollups (=2.0.0-rc.3), @guidanoli/cmioc (>=0.1.4 <=0.2.1) +5 more potentially affected by unknown CVE via @ensdomains/ens-contracts (>=1.0.0 <=1.2.2)
@ensdomains/ens-contracts NPM version =1.0.0, =0.1.4, =0.1.5, =0.0.6, =0.0.4, =100.2.5-beta.0, =0.4.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190931...