319 matches found
EUVD-2026-42723
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
CVE-2026-57032
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...
CVE-2026-53337
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...
EUVD-2026-40971
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...
io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...
SUSE CVE-2026-53320
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...
CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
CVE-2026-53281
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARNONONCE" fixed a NULL pointer dereference in an unlikely situation partly. If devpasid is not found in...
PT-2026-51983
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists when querying information for an offloaded BPF map or program. The functions bpf map offload info fill ns and bpf prog offload info fill ns use get netdev...
PT-2026-50557
Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...
CVE-2026-44316 free5GC: PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the...
SUSE CVE-2022-39307
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and attempts to read a b-tree node by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport-portstate before calling done Callback In the nvmefchandlelsrqstwork function, the lsrsp-done callback is set only when remoteport-portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp’s LLDD...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevents dereferencing of a NULL pointer if ATIF is not supported. acpievaluateobject may return AENOTFOUND failure, which would result in dereferencing buffer.pointer obj when buffer.pointer is NULL. Although this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: GPIB – Fixed an Oops after disconnection in niusb. If the USB dongle is disconnected, subsequent calls to the driver will cause a NULL dereference Oops, as the businterface is set to NULL upon disconnection. This issue w...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: Handling failures in registering sensors with thermal zones correctly. If an attempt is made to register a sensor with a thermal zone and it fails, the call to devmthermalzoneofsensorregister may return -ENODEV. This ca...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: amt: fixed a possible memory leak in amtrcv If amt receives packets and finds a socket; if it cannot find a socket, it should free the received skb. However, this is not done, resulting in a possible memory leak...
CVE-2026-42207 Magento LTS: Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` - magento-lts
Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...