Nginx UI 信息泄露漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a vulnerability related to information leakage. This vulnerability stemmed from the ability for authenticated users to call the GET /api/settings request to retrieve sensitive configuration values,...

PT-2026-36901

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description A flaw in the SeaTable node's 'row:search' and 'row:get' operations allows user-controlled input to be concatenated directly into SQL query...

MAL-2026-3323 Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.33, 2.17.5, and 2.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by dynamic node parameters endpoints regarding whether the authenticated...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix for ofk3udmaglueParsechnbyid The ofk3udmaglueParsechnbyid helper function erroneously invokes “ofnodeput” on the “udmaxnp” device node that was passed to it. Additionally, its reference count was...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fix OF node refcount leakage Automated review identified a issue where the reference count of the OF node was leaking during checks to determine whether the ‘leds’ child node exists. The call to putnode was...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: “power: supply: rk817” – Fixed the node refcount leak. Dan Carpenter reported that the Smatch static checker identified another refcount leak in the probe function. While the ofnodeput function was added in one of the return...

Astra Linux - уязвимость в node-elliptic

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Unnecessary ofnodeput function removed from felixParseportsnode. The unnecessary ofnodeput function was removed from the continue path to prevent a child node from being released twice, which could lead to resource leak...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: irqchip/alpine-msi: The refcount leak in alpinemsixinitdomains has been fixed. The function ofirqfindparent returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Add t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Do not use freedevicenode in graphutilParsedai. The commit 419d1918105e states that “ASoC: simple-card-utils: Use freedevicenode for devicenode”. However, freedevicenode should be used for dlc-ofnode, but...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bcache: The issue with bchbtreenodealloc has been fixed to ensure that the failure behavior is consistent. In some specific situations, the return value of bchbtreenodealloc might be NULL. This could lead to a potential NULL...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Added a check for the return value of offinddevicebynode. Added a check on the return value of offinddevicebynode, and return an error if it fails, in order to avoid dereferencing a NULL pointer...

Astra Linux - уязвимость в node-ssri

ssri 5.2.2-8.0.0; fixed in 8.0.1. This version processes SRIs using a regular expression, which is vulnerable to a denial of service attack. Malicious SRIs could take an extremely long time to process, resulting in a denial of service. This issue only affects consumers who use the “strict” option...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: gamecube: Fixed a refcount leak in gamecubertcreadoffsetfromsram. The offindcompatiblenode function returns a node pointer whose refcount has been incremented. We should use ofnodeput on it after processing. Also, add the...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerabilities have been resolved: cpufreq: pmac32-cpufreq: Fixed a refcount leak issue. In pmaccpufreqinitMacRISC3, we need to add the corresponding ofnodeput function for the three node pointers whose refcount has been incremented by offindnodebyname...

Astra Linux - уязвимость в node-tar

The npm package “tar” also known as node-tar in versions prior to 4.4.16, 5.0.8, and 6.1.7 has vulnerabilities related to arbitrary file creation/overwriting and arbitrary code execution. node-tar aims to ensure that any file whose location would be modified by a symbolic link is not extracted...

Astra Linux - уязвимость в libxslt

A flaw was discovered in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, leading to a type confusion. This can result in unexpected memory...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fixed the refcount leak in esdhcsignalvoltageswitch. The offindmatchingnode function returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Ad...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: HSI: omapssi: Fixed a refcount leak in ssiprobe. When returning from or prematurely terminating a foreachavailablechildofnode loop, we need to explicitly call ofnodeput on the child node to potentially release the node...