2279 matches found
Improper Control of Dynamically-Managed Code Resources
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources through the lib/bridge.js apply trap and thisEnsureThis proto-walk. An attacke...
How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...
UBUNTU-CVE-2026-45936
In the Linux kernel, the following vulnerability has been resolved: power: supply: goldfish: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
UBUNTU-CVE-2026-45938
In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916lbc: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.7 release.
Red Hat Developer Hub 1.8.7 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
CVE-2026-45867
The CVE relates to the Linux kernel, targeting the power_supply subsystem (act8945a). Root cause: using devm_ IRQ request before allocating/registering the power_supply handle creates a race where the IRQ can fire after the power_supply has been freed, or before it is initialized, leading to use-...
PT-2026-43749
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the pm8916 bms vm component. The problem occurs because the devm variant for requesting an IRQ is used before the devm variant for allocating or...
PT-2026-43735
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference count leak occurs in the pcs add gpio func function. The of parse phandle with args function returns a device node pointer with an incremented reference count in gpiospec.np...
apache-airflow-providers-edge3 (>=1.1.0 <=1.1.1rc1), dmp-af (>=0.15.0 <=0.16.0) +1 more potentially affected by CVE-2026-46745 via apache-airflow-providers-fab (=3.6.4)
apache-airflow-providers-fab PYPI version =3.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow-providers-fab and may be impacted: - apache-airflow-providers-edge3 =1.1.0, =0.15.0, =1.11.0.0, =1.13.0.0rc1 Source cves: CVE-2026-46745...
PT-2026-42703
Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret | Field | Value | | ---------------- | ----- | | Repository | Jovancoding/Network-AI | | Affected version | v5.4.4 commit c12686e181f231cf8d7bcf836a96d78f0f0877ac | Summary The MCP SSE server defaults to an empty secret...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updateAssistant and createAssistant handlers in the assistant service. An attacker can reassign an assistant to a...
keycloak: org.keycloak.authorization: Keycloak: Information disclosure via broken access control in user lookup endpoint
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access UMA resource, to enumerate and harvest personally identifiable information PII for all realm users. By...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: allowing MDIO bus PM operations to initiate/stop the state machine for phylink-controlled PHYs. DSA has two types of drivers: 1. Those that call dsaswitchsuspend and dsaswitchresume from their device’s PM operations:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/tests: helpers: Avoid a driver UAF When using drmkunithelperallocdrmdevice, the driver may be referenced by device-managed resources until the device is freed, which typically occurs later than when the kunit-managed resource...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: In the net, neigh module, do not trigger immediate probes on NUDFAILED from neighmanagedwork. The syzkaller was able to trigger a deadlock for NTFMANAGED entries: - kworker/0:16/14617 is trying to acquire a lock: -...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: serial: 8250bcm7271: The leak in brcmuartprobe has been fixed. Smatch report: drivers/tty/serial/8250/8250bcm7271.c: Line 1120 of brcmuartprobe, warning: “‘baudmuxclk’ from clkprepareenable was not released”. The issue was fixed ...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: spi: Fixed a use-after-free issue with devmspialloc. We cannot rely on the contents of the devres list during spiunregistercontroller, as the list is already cleared when we call devmspireleasecontroller. This causes devices...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Added missing error checking for clock acquisition. The acpcardrt5682init and acpcardrt5682sinit functions did not check the return values of clkget. This could lead to a kernel crash when invalid...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: clk: imx: clk-imx8mn: fixed a memory leak in imx8mnclocksprobe. Use devmofiomap instead of ofiomap to automatically manage the unused ioremap regions. If any errors occur, the memory allocated by kzalloc may leak; however, usi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not call kfree on devices managed by devres. Since the allocation of the driver’s main structure was changed to devmdrmdevalloc, the rdev is managed by devres, and we should not call kfree on it. This fix prevents...