PT-2026-52426

Name of the Vulnerable Software and Affected Versions H5P versions prior to 1.17.7 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing an attacker to execute malicious scripts in the browser of a user without requiring authentication. Recommendations Update to a version...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed execution with unnecessary privileges. The -oP option is available to the exim user, and it could lead to a denial of service, as files owned by root could be overwritten...

Astra Linux – Vulnerability in Thunderbird, Firefox

When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Astra Linux – Vulnerability in binutils

A issue was discovered in cp-demangle.c within GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplusdemangletype function making recursive calls to itself in certain scenarios involving many ‘P’ characters...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: 9p: Setting the refcount to zero was added to avoid uninitialized usage. When a new request is allocated, the refcount will be zero if the request is reused. However, if the request is newly allocated from a slab structure, it...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: mp: Fix for double-divider clock rate readback When support for double-divider clocks was introduced, the P-divider offset was left out of the .recalcrate readback function. This caused the clock rate to become...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: fixed the issue of releasing the IRQ twice. Kernel logs indicate that the IRQ was released twice. The correct device ID must be passed during the IRQ release process. Dominique: removed the confusing variable “reset” to 0...

MINI-P644-HCCC-F9WH

Bulletin has no description...

PT-2026-49148

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

CVE-2026-52906

CVE-2026-52906 (Linux kernel 9p/v9fs) : The issue arises from how 9p options are applied during mounts. After commit 1f3e4142, v9fs_apply_options() uses |= to combine new flags with those already set by v9fs_session_init(), which for 9P2000.L defaults to V9FS_ACCESS_CLIENT. When a user mounts wit...

EUVD-2026-35415

In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb "9p: convert to the new mount API", v9fsapplyoptions applies parsed mount flags with |= onto flags already set by v9fssessioninit. For 9P2000.L,...

FreeBSD Security Advisory - FreeBSD-SA-26:30.linux

FreeBSD Security Advisory - The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...

MINI-P5CV-VVP8-FJWG

Bulletin has no description...

MINI-JPVH-26HR-397P

Bulletin has no description...

Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

WordPress Newses theme <= 2.0.0.77 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme Newses versions = 2.0.0.77...

EUVD-2018-21877

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

Astra Linux - уязвимость в qemu

A flaw was discovered in the implementation of the 9p passthrough filesystem 9pfs in QEMU. The 9pfs server did not prevent the opening of special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared...

Astra Linux - уязвимость в golang-1.15

In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

🔓 CVE-2026-0073 - Android ADB Wireless Debugging Auth Bypass...