Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduced a -pollcci method For the ACPI backend of UCSI, the UCSI “registers” are merely a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the contents of t...

Astra Linux – Vulnerability in Chromium

Before version 90.0.4430.212, using “after free” in notifications in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

EUVD-2026-37639

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

CVE-2026-54803

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

CVE-2026-52698

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...

CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

CVE-2026-54803

CVE-2026-54803 affects the WordPress plugin SMS Alert Order Notifications up to version 3.9.4, with a subscriber privilege escalation vulnerability. Documents confirm affected product (WordPress plugin), vulnerable component (the plugin’s order notifications), and impact (privilege escalation for...

CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

CVE-2026-54802

CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions

CVE-2026-52698

The CVE concerns the WordPress PushEngage plugin (versions

USN-8440-1 linux-azure-6.8 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVE-2026-40732

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

Falco 0.44.1

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...

CVE-2026-42973

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-42971

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-42969

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-42970

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVE-2026-42991

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...