CVE-2026-27693

Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper escaping. An attacker with low privileges can create a device with a crafted name that injects XML...

CVE-2026-2052

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

PT-2026-36892

Name of the Vulnerable Software and Affected Versions CImg Library versions prior to commit 4ca26bc Description An integer overflow exists in the load pnm function during the computation of WHD size. A specially crafted PNM, PGM, or PPM file containing large dimension values can cause the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: For the clk subsystem, in the qcom module, there is a issue where gcc-sm6350 uses parentmap for two clocks that actually doesn’t exist. If a clkrcg2 has a parent, it should also have the parentmap property defined. Otherwise, a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Deferring the release of the inner map when necessary When updating or deleting an inner map in the map array or map htab, the map may still be accessed by non-sleepable programs or sleepable programs. However, when the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Track xmit submissions to PTP WQ after populating the metadata map. Ensure that the skb is available in the metadata mapping to skbs before tracking the metadata index to detect undelivered CQEs. If the metadata ind...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fbcon: A NULL pointer dereference issue was fixed in fbconputcs. syzbot has identified a NULL pointer dereference bug in fbcon. Here is the simplified C code example: c struct param uint8t type; struct tioclselection ts; ; int ma...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: perf/core: Fixed a reference count bug and a potential UAF in perfmmap. Syzkaller reported a refcountt issue where the increment of the reference count was set to 0; there was also a warning about a use-after-free when using...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: EFI: Do not map the entire mokvar table to determine its size. Currently, when validating the mokvar table, we re-map the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dmaunmapsg nents The dmaunmapsg functions should be called with the same nents as the dmamapsg, not with the value returned by the map function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: Use VMMAP instead of VMALLOC for the ringbuf area. After the commit 2fd3fb0be1d1 “kasan, vmalloc: unpoison VMALLOC pages after mapping”, non-VMALLOC mappings will be marked as accessible in getvmareanode when KASAN is enable...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: A memory barrier is required to ensure that the PTP WQ xmit submission tracking occurs after populating the metadatamap. Simply reordering the functions mlx5eptpmetadatamapput and mlx5eptpsqtrackmetadata within the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a race condition in sockmapfree. sockmapfree calls releasesocksk without owning a reference to the socket. This could lead to a use-after-free, as syzbot identified this issue 1. Jakub Sitnicki already...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: correctly setting the Comp SoundWire port. For some reason, we end up setting the SoundWire port for HPHLCOMP and HPHRCOMP to zero. This could potentially lead to memory corruption due to accessing and...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: x86/mm/identmap: Use GB pages only when a full GB page should be mapped. When identpudinit uses only GB pages to create identity maps, large ranges of addresses that are not actually requested can be included in the resulting...

Astra Linux – Vulnerability in Zabbix

When a URL is added to the map element, it is recorded in the database with a sequential ID. When adding a new URL, the system retrieves the previous value of the sysmapelementurlid and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: A reference count leak was fixed in snruncoremmiomap. pcigetdevice will increase the reference count of the returned pcidev. Therefore, snruncoregetmcdev will return a pcidev with its reference count...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fixed the race condition involving skb after locking changes. There is a race condition where the skb from the skpsockbacklog can be referenced after the user-space side has already consumed the skbuff using...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs: Fixed an uninitialized ‘offp’ variable in statmountstring In statmountstring, most flags assign an output offset pointer offp, which is later updated with the string offset. However, in the cases of STATMOUNTMNTUIDMAP and...