CVE-2026-10058 ITP Technology｜ITS Intelligent SCADA System - Stored Cross-Site Scripting

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVE-2026-10058

The CVE-2026-10058 entry concerns ITS Intelligent SCADA System by ITP Technology and describes a Stored Cross-Site Scripting vulnerability that allows privileged remote attackers to inject JavaScript executed in users’ browsers on page load. Documents confirm the affected product, vulnerability t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: irqchip/gic-v3-its: Quirk probing for ACPI-based systems has been restored. While refactoring the way ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems like HIP07 lose...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Do not enable interrupts in itsirqsetvcpuaffinity. The following call-chain results in the enabling of interrupts in a nested interrupt-disabled section: irqsetvcpuaffinity irqgetdesclock rawspinlockirqsave --...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in itsvpeirqdomainalloc causes a double free when itsvpeinit fails after successfully allocating at least one interrupt. This happens because...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command...

Malicious Package

Overview stats-api-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview hops-preset-jest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

OESA-2026-1470 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A memory address truncation vulnerability exists in the irqchip/gic-v3-its driver of the Linux kernel. On 32-bit ARM machines with CONFIGARMLPAE enabled, when using larger VMSPLIT configurations, lowmem allocations may be backed ...

OESA-2026-1469 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A memory address truncation vulnerability exists in the irqchip/gic-v3-its driver of the Linux kernel. On 32-bit ARM machines with CONFIGARMLPAE enabled, when using larger VMSPLIT configurations, lowmem allocations may be backed ...

Malicious Package

Overview iru-caches is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

SUSE-SU-2026:0411-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc125559...

SUSE CVE-2026-23085

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...

CVE-2026-23085

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...

UBUNTU-CVE-2026-23085

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...

CVE-2026-23085

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...

CVE-2026-23085 irqchip/gic-v3-its: Avoid truncating memory addresses

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...

CVE-2026-23085 irqchip/gic-v3-its: Avoid truncating memory addresses

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...

CVE-2026-23085

CVE-2026-23085 affects the Linux kernel irqchip/gic-v3-its on 32-bit ARM with CONFIG_ARM_LPAE, where lowmem allocations could be backed by physical memory above 4 GB. The ITS driver stored a 32-bit address in an unsigned long, triggering truncation. The fix changes the itt_addr and related physic...

EUVD-2026-5457

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while...