Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the issue where unrecoverable MCE calls the async handler from NMI. The machine check handler is not considered NMI on 64s. The earlier handler is the actual NMI handler; it schedules the machinecheckexception...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATEBV are cleared to ensure tha...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: The issue of NULL pointer dereferencing in hvuiorescind has been fixed. For primary VM Bus channels, the primarychannel pointer is always NULL. This pointer is valid only for secondary channels. Additionally, the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as a RS485 port, the tx statemachine is used to control the RTS pin to drive the RS485 transceiver’s TXEN pin. When the TTY port is closed mid-transmission e.g....

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: VMCI: fixed a race condition between vmcihostsetupnotify and vmcictxunsetnotify. During our testing, it was found that a warning can occur in trygrabfolio. The detailed error message is as follows: ----------- Cut here ----------...

wendor_labs_exploitation

Wendor Vending Machine Exploitation & Security Research Lab T...

Important: Red Hat Security Advisory: gvisor-tap-vsock security update

An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

A Comparative Analysis of Machine Learning Models for Intrusion Detection in Intelligent Transport Systems

AI-powered edge computing security is moving Intelligent Transportation Systems ITS from passive, rule-based protections to proactive, smart, zero-touch, self-sufficient safeguards that neutralize threats in milliseconds. As transportation becomes more connected with edge computing, massive IoT,...

Microsoft won’t patch PhantomRPC: Feature or bug?

A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch. PhantomRPC involves Windows Remote Procedure Call RPC, the core of communication between Windows processes. The vulnerability lets a process with impersonation rights...

curl: MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate

Summary: In lib/mqtt.c, the state machine in mqttdoing lines 894-911 in curl 8.20.0 does not validate that PINGRESP 0xD0 and DISCONNECT 0xE0 packets have remaininglength == 0 as required by MQTT 3.1.1 spec sections 3.13.1 and 3.14.1. A malicious broker can send a PINGRESP fixed header with non-ze...

[SECURITY] Fedora 43 Update: edk2-20260213-4.fc43

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...

PT-2026-37135

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...

CVE-2026-7213 ef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversal

A vulnerability was detected in ef10007 MLOpsMCP 1.0.0. This impacts an unknown function of the file fastmcpserver.py of the component savefile Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...

CLSA-2026-1777321102 Fix CVE(s): CVE-2022-26923, CVE-2022-32743

SECURITY UPDATE: Samba AD DC did not enforce the Validated-DNS-Host-Name write right, allowing an unprivileged authenticated user with machine account write access e.g. SeMachineAccountPrivilege to set the dNSHostName attribute to an arbitrary value, bypassing the MS-ADTS requirement that it matc...

HTB-WingData-Writeup

HackTheBox - WingData Writeup Difficulty: Easy | OS: L...

Machine-Checked Cardinality Bounds for Masked Barrett Reduction: A 1-Bit Side-Channel Leakage Barrier in Post-Quantum Cryptographic Hardware

Barrett reduction is the nonlinear core of every practical NTT-based post-quantum cryptography implementation. Existing composition frameworks ISW, t-SNI, PINI, DOM address Boolean masking over GF2; none provides a machine-checked characterization of Barrett's leakage under first-order arithmetic...

secops-ai-threat-analyzer

🛡️ SecOpsAI: Threat Analysis & Adaptive Security Engine An e...

KVM: x86: Use scratch field in MMIO fragment to hold small write values

...

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish

...

KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

...