408 matches found

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 11 views

Malicious code in @cloudplatform-single-spa/administration (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 10 views

Malicious code in @cloudplatform-single-spa/svp-baas (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0 | References 2

OSSF Malicious Packages
added 2026/05/28 12:0 a.m. | 7 views

Malicious code in @cloudplatform-single-spa/base-static-page (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8 AI score
Exploits 0 | References 2

NVD
added 2026/05/27 2:17 p.m. | 4 views

CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

7.8 CVSS | 0.00013 EPSS
Exploits 0 | References 8

Tenable Nessus
added 2026/05/27 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user...

7.8 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the issue where mr-map was freed twice. The function rxemrcleanup, which attempts to free mr-map again, will be called when rxemrinituser fails. CPU: 0, PID: 4917, Comm: rdmaFlushserv, Kdump: loaded, Not tainted,...

7.8 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/20 5:53 a.m. | 0 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fixed a potential deadlock in MR deregistration. The issue arises when kzalloc is called while holding the umemmutex or any other lock acquired under the umemmutex. This is problematic because kzalloc can trigger...

5.5 CVSS | 6 AI score | 0.00038 EPSS
Exploits 0 | References 2

EUVD
added 2026/05/11 3:31 a.m. | 11 views

EUVD-2026-29011

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8 CVSS | 4.1 AI score | 0.0003 EPSS
Exploits 0 | References 5

NVD
added 2026/05/11 2:16 a.m. | 7 views

CVE-2026-8256

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8 CVSS | 0.0003 EPSS
Exploits 0 | References 4

Vulnrichment
added 2026/05/11 12:15 a.m. | 3 views

CVE-2026-8256 Devs Palace ERP Online mr-save cross site scripting

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8 CVSS | 4.1 AI score | 0.0003 EPSS
Exploits 0 | References 4

CVE
added 2026/05/11 12:15 a.m. | 8 views

CVE-2026-8256

CVE-2026-8256 affects Devs Palace ERP Online up to version 4.0.0. The vulnerability occurs in unknown code within the file /accounts/mr-save and enables cross-site scripting (XSS) when the application is processed remotely. Public exploit information is present in the description, and the vendor ...

4.8 CVSS | 4.1 AI score | 0.0003 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/05/11 12:0 a.m. | 6 views

PT-2026-39549

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8 CVSS | 4.1 AI score | 0.0003 EPSS
Exploits 0 | References 5

CNNVD
added 2026/05/11 12:0 a.m. | 4 views

Devs Palace ERP Online cross-site scripting vulnerability

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from operations on unknown code located in...

4.8 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits 0 | References 1

RedHat Linux
added 2026/05/06 1:41 p.m. | 2 views

kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...

7.8 CVSS | 5.7 AI score | 0.00067 EPSS
Exploits 0 | References 5

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/hns: Fixed a NULL pointer issue in freemrinit. A lock grab occurs in a concurrent scenario, resulting in dereferencing a NULL pointer. This issue should be addressed by using initmutexinit before attempting to lock...

5.5 CVSS | 6 AI score | 0.00074 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2026/04/22 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013674 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: fix memory leak in hnsroceallocmr When hnsrocemrenable failed in hnsroceallocmr, mrkey ...

5.6 AI score | 0.00029 EPSS
Exploits 0 | References 4

CNNVD
added 2026/04/13 12:0 a.m. | 2 views

ABB multiple products security vulnerability

The ABB AC800M is a product of the Swiss company ABB. The ABB AC800M is a modular process controller designed for industrial automation systems. The ABB Symphony Plus SD Series consists of a series of control and I/O devices intended for industrial process control and distributed control systems...

7.1 CVSS | 5.8 AI score | 0.00027 EPSS
Exploits 0 | References 1

Patchstack
added 2026/04/08 11:31 a.m. | 2 views

WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mr. SEO versions <= 2.0...

5.8 AI score
Exploits 0 | Affected Software 1

RedhatCVE
added 2026/03/26 5:1 p.m. | 0 views

CVE-2026-22502

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion. This issue affects Mr. Cobbler: from n/a through = 1.1.9...

8.1 CVSS | 5.8 AI score | 0.00172 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/03/26 3:1 p.m. | 2 views

CVE-2026-27842

Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...

9.8 CVSS | 7.3 AI score | 0.00138 EPSS
Exploits 0 | References 1