Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dmputdevice call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: devicehandler: Returning an error pointer in scsidhattachedhandlername”, code was added to fail the parsing of...

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

CVE-2026-44749

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

PT-2026-44724

Name of the Vulnerable Software and Affected Versions python311-dulwich versions prior to 1.2.5-1.1 Description Security issues were identified in the python311-dulwich package. Recommendations Update to version 1.2.5-1.1...

CVE-2026-28915

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges...

CVE-2026-28915

A parsing issue in the handling of directory paths was fixed by improved path validation in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. The flaw could allow an app to gain root privileges. The CVE is tied to CVE-2026-28915 and is addressed by the listed OS updates; no additio...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...

CVE-2026-6862

CVE-2026-6862: A flaw in libefiboot (part of efivar) affects the device path node parser, which does not validate that each node’s Length is at least 4 bytes (EFI node header minimum). A crafted device path node could trigger infinite recursion, stack exhaustion, and a DoS via a process crash. Do...

CVE-2026-6862 Efivar: efivar: denial of service due to stack overflow in device path node parsing

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

PT-2026-34450

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

EUVD-2026-18436

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2.6 version contains a security vulnerability. This vulnerability stems from the HTTP request path parsing logic, which does not account for path extensions during normalization. As a result, buffer...

srvx is vulnerable to middleware bypass via absolute URI in request line

Summary A pathname parsing discrepancy in srvx's FastURL allows middleware bypass on the Node.js adapter when a raw HTTP request uses an absolute URI with a non-standard scheme e.g. file://. Details When Node.js receives an absolute URI in the request line e.g. GET file://hehe?/internal/run...

CVE-2026-20632

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...

CVE-2026-28876

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user da...

EUVD-2026-15040

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...

CVE-2026-20632

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...