USN-8386-1 nano vulnerabilities

Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created the /.local directory with incorrect permissions. In environments with permissive umask settings, a local attacker could possibly use this issue to inject a malicious launcher file, resulting in information disclosure or othe...

CVE-2025-5085

CVE-2025-5085 affects the WP Nano AD WordPress plugin (versions up to 1.31). It enables Stored Cross-Site Scripting via the blogrole_link parameter due to insufficient input sanitization/escaping. Impact: authenticated attackers with administrator rights can inject scripts that run for users on i...

WordPress WP Nano AD plugin <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by siyuan shao in WordPress Plugin WP Nano AD versions = 1.31...

EUVD-2026-33429

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

CVE-2026-45151

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...

CVE-2026-44640

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...

NanoMQ 代码问题漏洞

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.8 have code vulnerabilities. These vulnerabilities stem from the quicstreamrecv function, which cancels references to empty substream pointers when the substream is reopened,...

NanoMQ 安全漏洞

NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.14 contained a security vulnerability. This vulnerability stemmed from the fact that data stored as “nniquicconn” during dialing was read as “exquicconn” when the dialer was...

nano-9.0-2.1 on GA media (moderate)

nano-9.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10851-1 Rating: moderate Cross-References: CVE-2026-6842 CVE-2026-6843 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the nano-9.0-2...

OPENSUSE-SU-2026:10851-1 nano-9.0-2.1 on GA media

These are all security issues fixed in the nano-9.0-2.1 package on the GA media of openSUSE Tumbleweed...

NVIDIA Nano SSH Key Duplication

A potential security vulnerability has been identified in some HP ZGX Nano G1n AI Station products where identical SSH host keys were deployed during the manufacturing process prior to March 19th, 2026. Successful exploitation might lead to unauthorized code execution, privilege escalation, denia...

CVE-2026-32134 NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

EUVD-2026-30965

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

Ledger多款产品 安全漏洞

The Ledger Nano X, among others, are products of the French company Ledger. The Ledger Nano X is a hardware wallet for cryptocurrency assets. The Ledger Flex is a touch-screen hardware wallet for cryptocurrency assets. The Ledger Stax is a curved electronic ink-screen hardware wallet for...

CLSA-2026-1779122764 nano: Fix of CVE-2024-5742

CVE-2024-5742: emergencysave applied chmod/chown to a path after the descriptor was closed, allowing a symlink swap to redirect the ownership change to an attacker-controlled file - Backport of upstream commit 5e7a3c2e from nano v8.0, adapted to the 5.6.1 codebase writefile signature predates the...

[SECURITY] Fedora 42 Update: nano-8.3-4.fc42

GNU nano is a small and friendly text editor...

Google Chrome Accused of Silently Installing 4GB AI Model on User Devices

Cybersecurity researcher Alexander Hanff claims that Google Chrome automatically installs a 4GB Gemini Nano AI model without user notification or consent...

MGASA-2026-0121 Updated nano packages fix security vulnerabilities

Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...

[SECURITY] Fedora 43 Update: nano-8.5-3.fc43

GNU nano is a small and friendly text editor...

Fedora 43 : nano (2026-d0a0f1c3d2)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d0a0f1c3d2 advisory. fix CVE-2026-6842 and CVE-29026-6843 Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz2455127 Resolves: rhbz2455314 Tenable has extract...