165 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: - In IPC: fixed to protect IPCS lookups using RCU. The syzbot reported that it discovered a use-after-free vulnerability. 0 0: https://lore.kernel.org/all/[email protected]/ The idrforeach function is...
Astra Linux - уязвимость в grub2
A vulnerability related to operations after freeing memory has been discovered in GRUB’s gettext module. This flaw arises from a programming error where the gettext command remains registered in memory even after its associated module is unloaded. An attacker can exploit this condition by invokin...
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code VS Code Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...
BIT-GITLAB-2026-6883 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...
CVE-2026-6883
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...
CVE-2026-6883
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...
UBUNTU-CVE-2026-6883
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...
CVE-2026-6883 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...
CVE-2026-6883
GitLab CVE-2026-6883 affects GitLab Enterprise Edition (EE) across multiple tracked versions prior to patch levels: 15.7–before 18.9.7, 18.10–before 18.10.6, and 18.11–before 18.11.3. The root cause is improper cleanup of orphaned policy records, allowing an authenticated user to bypass merge req...
CVE-2026-6883 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...
EUVD-2026-30237
GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records...
PT-2026-40875
Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.7 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user can bypass merge request approval requirements. This occurs due to...
Exploit for CVE-2026-31717
CVE-2026-31717: ksmbd DHnC Durable-Handle Reconnect Access-Con...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...
CVE-2026-31717
A flaw was found in ksmbd, a component of the Linux kernel. This vulnerability allows an authenticated user to hijack an orphaned durable handle by predicting or brute-forcing its persistent ID. This could lead to unauthorized access to file sessions and potentially sensitive data or services...
CVE-2026-31717
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...
PT-2026-36347
Name of the Vulnerable Software and Affected Versions Linux kernel ksmbd affected versions not specified Description The ksmbd SMB server fails to verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows an authenticated user to...
CVE-2026-33318
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...
EUVD-2026-25380
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...
CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...