250 matches found
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In 64-bit versions of the Linux kernel, copy_from_user does not implement __uaccess_begin_nospec, which allows a user to bypass the “access_ok” check and pass a kernel pointer to copy_from_user. This would enable an attacker to leak sensitive information. We recommend upgrading beyond commit...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: virtio: use virtio_device_ready in virtio_device_restore After waking up a suspended VM, the kernel prints the following trace for virtio drivers which do not directly call virtio_device_ready in the .restore: PM: suspend exit irq 22:...
PT-2026-36459
In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platform_label{,s} pair The RCU-protected codepaths (mpls_forward, mpls_dump_routes) can have an inconsistent view of platform_labels vs platform_label in case of a concurrent resize resize platform...
JLSEC-2026-211
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle...
CVE-2026-29141
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as signed OK...
EUVD-2026-18162
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as signed OK...
CVE-2019-25559
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a...
Malicious code in ok-jest-config (npm)
Source: amazon-inspector 325c8c29810fe4350343efe3d17484a0cd3f9d3617ff312bae86468449c95e14 The package ok-jest-config was found to contain malicious code...
MAL-2026-1806 Malicious code in ok-jest-config (npm)
Source: amazon-inspector 325c8c29810fe4350343efe3d17484a0cd3f9d3617ff312bae86468449c95e14 The package ok-jest-config was found to contain malicious code...
CVE-2026-25481 Langroid has WAF Bypass Leading to RCE in TableChatAgent
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call the pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py introduced to block code...
MiracleLinux 8 : mariadb-connector-c-3.1.11-2.el8 (AXSA:2021-1464:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1464:01 advisory. mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752); mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)...
MiracleLinux 4 : rh-mariadb102-galera-25.3.29-1.AXS4, rh-mariadb102-mariadb-10.2.33-1.AXS4 (AXSA:2020-657:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-657:01 advisory. mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614); mysql: Server: Security: Privileges unspecified vulnerability CPU Apr...
UBUNTU-CVE-2022-50832
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential memory leak in wilc_mac_xmit The wilc_mac_xmit returns NETDEV_TX_OK without freeing skb, add dev_kfree_skb to fix it. Compile tested only...
CVE-2025-66259
Authenticated RCE vulnerability in DB Electronica Mozart FM Transmitter family (versions 30–7000) due to improper input filtering in main_ok.php where user-supplied hour/time data is passed directly to a date shell command. Root cause: insufficient input validation allowing remote code execution ...
DB Electronica Mozart FM Transmitter security vulnerability
The DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from the Italian company DB Electronica. A security vulnerability exists in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000, which originates...
Malicious code in ok_shrew_z3n (npm)
Source: amazon-inspector bec5c9ee4930f910a090082eda021abf416ef096b3a4696ae5d57e8e137cfa67 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ok_wombat_z3n (npm)
Source: amazon-inspector 661082b09da9c9c923a43729a0764516c4b696913fdd06ccfebd3fa6dfb8adab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in ok_toucan_replicate_automation (npm)
Source: amazon-inspector 4325ba56e66f01897ee4c2d56f7e5d3f158ac881ba3ba98d950da8e7877fb5e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-62815
Malicious code in okboobyz3n npm...