482 matches found
CVE-2026-0856
Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...
CVE-2026-45702
A flaw was found in OP-TEE OS, a Trusted Execution Environment TEE for Arm Cortex-A cores. A type confusion vulnerability exists when OP-TEE OS processes an FFAMEMSHARE request from the normal world. This flaw can be exploited by a local attacker with high privileges when OP-TEE is configured as ...
CVE-2026-45702
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...
SUSE CVE-2026-46108
In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...
CVE-2026-46108
In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...
UBUNTU-CVE-2026-46108
In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...
CVE-2026-46108 ipmi:si: Return state to normal if message allocation fails
In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...
CVE-2026-46108
In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...
CVE-2026-46108
The CVE concerns the Linux kernel IPMI:si driver. The issue occurred when message allocation failed and the driver did not return to a normal state, potentially leaving the driver in an incomplete state. The resolution ensures the driver returns to normal when allocation fails, addressing the sta...
May 26, 2026—KB5089570 (OS Build 28000.2179) Preview
May 26, 2026—KB5089570 OS Build 28000.2179 Preview This cumulative update for Windows 11, version 26H1 KB5083806, includes production-quality improvements. Visit the Windows release health dashboard for the latest status on this release. Highlights This update is available through two release...
CVE-2026-0856
Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+3230...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Added a NULL check for the normallink string. It is not guaranteed that all entries of the struct sofconnstream declaration declare a normallink a non-SOF, direct link string. This applies to SoCs that...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerabilities have been resolved: net: tun: Fixed memory leaks in napigetfrags. kmemleak reports after running testprogs: Unreferenced object 0xffff8881b1672dc0 size 232: Command “testprogs”, PID 394388, time 4354712116 duration: 841.975 seconds Hex dump first...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011283)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011283 advisory. In the Linux kernel, the following vulnerability has been resolved: udptunnel: use netdevwarn instead of netdevWARN netdevWARN uses WARN/WARNON to print a backtrace...
Ransomware in 2025: Blending in is the strategy
Ransomware attacks aren't smash-and-grab anymore. They're built on access that already looks legitimate -- closer to positioning chess pieces than breaking the door down. That's the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial...
CVE-2026-23484
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...
March 26, 2026—KB5079391 (OS Builds 26200.8116 and 26100.8116) Preview
March 26, 2026—KB5079391 OS Builds 26200.8116 and 26100.8116 Preview This update is no longer being offered to new devices due to an installation issue identified after release. The issue has been addressed in the March 31, 2026—KB5086672 OS Builds 26200.8117 and 26100.8117 Out-of-band update tha...
CVE-2026-23484
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...
CVE-2026-23484 Blinko: Authenticated Arbitrary File Write - saveDevPlugin
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...
CVE-2026-23484
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...