61139 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock. The smp_call_function always runs its callback in a hard IRQ context, even when running under PREEMPT_RT, where spinlocks may be in a sleeping state. Therefore, we need to use a raw...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of link->type in bpf_link_show_fdinfo. If a newly added link type does not invoke BPF_LINK_TYPE, accessing bpf_link_type_strs[link->type] may lead to an out-of-bounds access. To detect such missed invocations early on ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an out-of-bounds access in ‘dcn21_link_encoder_create’. An issue was identified in the dcn21_link_encoder_create function, where an out-of-bounds access could occur when the hpd_source index was used to reference...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialization when the number of links is greater than max_links. Reason: The Coverity report indicates an OVERRUN warning. There are only max_links elements within dc->links. The number of links can...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param. In the SR-IOV environment, the value of pcie_table->num_of_link_levels will be 0, and num_of_levels - 1 will cause an array index out of bounds...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fixed a use-after-free in local_cleanup. A use-after-free occurs in kfree_skb called from local_cleanup. This could occur when killing the nfc daemon (e.g., neard) after detaching an nfc device. When detaching an nfc device,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: Truncating good inode pages when the hard link is 0. The value of the fileset for the inode copy from the disk by the reproducer is AGGR_RESERVED_I. When the evict function is executed, its hard link number is 0, so its inode...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed a NULL pointer dereference in amdgpu_dm_i2c_xfer. When ddc_service_construct is called, it explicitly checks both the link type and whether there is something on the link that will determine whether the pin is...
CVE-2022-24424
creationtimestamp| type| source
---|---|---
2026-05-03 22:00:29+00:00| seen| https://bsky.app/profile/lbtoday1.bsky.social/post/3mky5smwc5s2f...
CVE-2026-44008
creationtimestamp| type| source
---|---|---
2026-05-03 21:34:12+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq...
CVE-2026-36356
creationtimestamp| type| source
---|---|---
2026-05-03 21:00:41+00:00| seen| https://t.me/GithubRedTeam/82671
2026-05-03 23:00:13+00:00| seen| Telegram/zMIGDiZKcsuCchc0aPmk0dRYccv5m6M1w-Y-ifos8swuOP4
2026-05-04 03:00:05+00:00| seen| Telegram/xOE6u0S4AhmTrHPBDYscPzMv6FpE3fbyPNbn5dJYZfuDoSw...
CVE-2026-7704
creationtimestamp| type| source
---|---|---
2026-05-03 20:31:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkxyu2d77q2r...
CVE-2026-7701
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/urlauthbox.cpp of the component Bot API. The manipulation of the argument loginurl leads to null pointer dereference. It is...
CVE-2026-44336
creationtimestamp| type| source
---|---|---
2026-05-03 05:26:17+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9mqq-jqxf-grvw
2026-05-08 17:37:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlebgbpbtw2v
2026-05-08...
EUVD-2026-26800
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...
CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
CVE-2026-6812
The CVE-2026-6812 entry concerns the Ona theme for WordPress. A Server-Side Request Forgery (SSRF) is possible in all versions up to and including 1.26 via ona_activate_child_theme, enabling authenticated attackers with administrator-level access to make outbound requests from the web application...
CVE-2026-6812 Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
CVE-2026-7209
The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qcopd-directory shortcode in all versions up to, and including, 8.9.2. This is due to insufficient input sanitization and output escaping on user supplied attributes such as titlefontsize...