Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fixed invalid PNP driver unregistration The Comedi low-level driver “c6xdigio” appears to be for a parallel port-connected device. When the Comedi core calls the driver’s Comedi “attach” handler c6xdigioattach t...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: padata: Always disable BHs when running -parallel. A deadlock can occur when an overloaded system runs -parallel within the context of the current task. The code structure is as follows: c padatadoparallel -parallel...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and clients. Clients based on FreeRDP on Unix systems that use the /parallel command-line switch may read uninitialized data and send it to the server to which the client is currently connected. Server implementations based on FreeRDP are not...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt – Fixed the hungtask issue for PADATARESET We identified a hungtask bug in testaeadveccfg as follows: INFO: Task cryptomgrtest:391009 was blocked for more than 120 seconds. Enabling the echo 0...

Ubuntu 20.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-7939-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7939-2 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation betwee...

CVE-2026-8669

Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match...

CVE-2026-26206

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...

Lost in Migration: Exposing Android Framework Vulnerabilities in Parallel Java-Kotlin Implementations

Android has adopted Kotlin alongside Java across apps and core system components. During this shift, we observe parallel implementations in the Android Open Source Project AOSP where the same component is implemented in both Java and Kotlin. In principle, their functional purposes are identical. ...

CVE-2026-46152

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

Towards Cybersecurity SuperIntelligence (CSI): What'S the Best Harness for Cybersecurity?

What is the best harness for cybersecurity AI? Cybersecurity systems are converging on a single execution scaffold per agent, an iterative shell loop driven by a Large Language Model LLM. However, scaffolds are not interchangeable, rarely interoperable, and no single scaffold dominates across all...

cve-researcher

cve-researcher AI-powered CVE research in your terminal —...

Exploit for CVE-2026-0265

CVE-2026-0265 Risk Checker for Palo Alto PAN-OS A Python script...

WARD: Adversarially Robust Defense of Web Agents against Prompt Injections

Web agents can autonomously complete online tasks by interacting with websites, but their exposure to open web environments makes them vulnerable to prompt injection attacks embedded in HTML content or visual interfaces. Existing guard models still suffer from limited generalization to unseen...

SUSE CVE-2026-7815

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016805 advisory. Cancelling a query e.g. by cancelling the context passed to one of the query methods during a call to the Scan method of the returned Rows can result in unexpected...

CVE-2026-43353

A flaw was found in the Linux kernel's i3c: mipi-i3c-hci module. A race condition in the hcidmadequeuexfer function allows parallel calls to interfere with each other when multiple transfers time out concurrently. This interference can cause the DMA ring to stop or restart unexpectedly, potential...

Maestro 0.15.4

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: cloudnative-pg-fips, kuma, opentelemetry-collector-contrib-fips, cloudprober, pgwatch, openfga-fips, keda, step, telegraf, caddy, gitlab-cng-fips, spicedb, step-ca, ldap2pg, rke2-runtime, step-issuer-fips, commercial-chainloop-backend, argo-workflows-fips,...

CLSA-2026-1777663444 freerdp: Fix of 3 CVEs

CVE-2026-33985: fix information leak in ClearCodec glyph index decode; validate nWidthnHeight for overflow and update glyphEntry-count only after a successful realloc so subsequent reads cannot expose adjacent heap memory - CVE-2022-39283: fix missing length check in /video channel data handler;...