Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Media: aspeed – Fixed memory overwriting issues when the screen resolution is 1600x900. When displaying on a screen with a resolution of 1600x900, the system may crash if the system’s memory usage is tight. How to reproduce this...
Astra Linux – Vulnerability in Git
Git GUI allows you to use Git source control management tools through a graphical interface. When a user clones an untrusted repository and is tricked into editing a file located in a directory with a malicious name in the repository, Git GUI can create and overwrite files for which the user has...
Astra Linux – Vulnerability in gst-plugins-good1.0
Integer overflow in the avidemux element within the gst_avi_demux_invert function, which allows for a heap overwrite during the parsing of AVI files. There is a potential for arbitrary code execution due to the heap overwrite...
Astra Linux – Vulnerability in Linux
The fix for XSA-365 includes the initialization of pointers so that subsequent cleanup code would not use uninitialized or stale values. However, this initialization went too far and may, under certain conditions, also overwrite pointers that need to be cleaned up. The lack of cleanup would resul...
Astra Linux – Vulnerability in rsync
A vulnerability was discovered in rsync prior to version 3.2.5. This vulnerability allows malicious remote servers to write arbitrary files into the directories of connecting peers. The server determines which files/directories are sent to the client. However, the rsync client lacks sufficient...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
Copy Fail - CVE-2026-31431 This repository contains a small L...
race-condition-exploit
🔐 Race Condition Exploit & Mitigation TOCTOU This project d...
[slackware-security] gnutls
New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gnutls-3.8.13-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Add more checks to DTLS reassembly. Previously, gnut...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 — Copy Fail Linux kernel local privilege esc...
CVE-2026-7638
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...
EUVD-2026-26732
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 AFALG AEAD Local Privilege Escalation Exploi...
Linux Distros Unpatched Vulnerability : CVE-2013-0261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability...
copyfail
Copy Fail TL;DR $ curl https://git.dc09.xyz/DarkCat09/...
CVE-2026-31705
A flaw was found in the ksmbd component of the Linux kernel. This out-of-bounds write vulnerability occurs when processing Server Message Block SMB extended attribute EA information. Specifically, the smb2_get_ea function performs an unconditional memory write for alignment padding without checking...
CVE-2026-3772
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
CVE-2026-3772
The CVE-2026-3772 entry concerns the WP Editor WordPress plugin. A CSRF vulnerability exists in all versions up to and including 1.2.9.2 due to missing nonce verification in the add_plugins_page and add_themes_page functions. This can allow unauthenticated attackers to overwrite arbitrary plugin ...
EUVD-2026-26497
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
CVE-2026-3772 WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...