CVE-2026-39829

CVE-2026-39829 affects golang.org/x/crypto/ssh. The vulnerability arises because the RSA/DSA public key parsers did not enforce size limits on key parameters, allowing crafted keys with oversized modulus or DSA parameters to cause prolonged CPU use during signature verification. Affected behavior...

CVE-2026-45253

ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fixed parameter validation for packet data Since commit 9c328f54741b “net: nfc: nci: Added parameter validation for packet data”, communication with nci/nfc chips no longer works. The mentioned commit attempted to...

FreeBSD Security Advisory - FreeBSD-SA-26:21.ptrace

FreeBSD Security Advisory - ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges...

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

Debian dsa-6259 : python-jwt-doc - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6259 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6259-1 [email protected] https://www.debian.org/security/...

CVE-2026-43291

A flaw was found in the Linux kernel's Near Field Communication NFC NCI subsystem. Incorrect parameter validation for variable-length packet data can lead to communication failures with NCI NFC chips. This issue, stemming from an attempt to prevent access to uninitialized data, results in a Denia...

EUVD-2026-28561

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

CVE-2026-43291

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

CVE-2026-43291

CVE-2026-43291 affects the Linux kernel NFC NCI subsystem. A parameter validation flaw for variable-length data packets can trigger a DoS by breaking NFC communication with NCI chips. Root cause: code compared variable-length packet data against a maximum length derived from sizeof(struct), ignor...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with NCI packet parameter validation. This vulnerability may lead to communication failures...

PT-2026-38933

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net: nfc: nci component where parameter validation for packet data was incorrectly implemented. A previous attempt to prevent access to uninitialized data failed t...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via improper validation of user-supplied fields in the filter and sortby parameters. An attacker can cause the backend to return HTTP 500 errors, potentially disrupt service availability, and...

PT-2026-38489

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

Astra Linux – Vulnerability in Zabbix

There is a vulnerability related to arbitrary file reading in the Zabbix Web Service Report Generation module, which listens on port 10053. The service does not perform proper validation on URL parameters before reading the files...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobusgetPhy The caller may pass any value as addr, which could lead to an out-of-bounds access to the mdiomap array. One existing case is in stmmacinitPhy, where -1 may be passed as addr...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: block: ublk: Make sure that the block size is set correctly. The block size is a very important setting for the block layer; an incorrect block size can easily cause the kernel to panic. Ensure that the block size is set correctl...

CVE-2026-5937 Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...

CVE-2026-5937 Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...