Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fixed a race condition between enabling/disabling SR-IOV and hot-plug events. The commit 05703271c3cd “PCI/IOV: Added locking for PCI rescan and removal when enabling/disabling SR-IOV” attempted to address a race conditi...

CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials...

CVE-2022-26562

An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core = 6.30 introduced between 6.30.0 RC1e and 6.30.8 final...

CVE-2025-40219

CVE-2025-40219 concerns the Linux kernel SR-IOV PCI handling. The vulnerability stems from missing serialization locks around SR-IOV VF removal/enabling: sriov_disable() could remove VF PCI devices without holding the global PCI rescan-remove lock, risking double-remove/list corruption (notably o...

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

EUVD-2016-0997

Malware in sbrugna...

EUVD-2017-14203

Malware in sbrugna...

EUVD-2018-10680

Malware in sbrugna...

EUVD-2013-0909

Malware in sbrugna...

EUVD-2015-0321

Malware in sbrugna...

EUVD-2025-27553

Malicious code in bioql PyPI...

EUVD-2023-50093

Malicious code in bioql PyPI...

CVE-2020-2654 vulnerabilities

Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-8-openj9, openjdk, openjdk-25-openj9, openjdk-17-openj9...

CVE-2025-32094

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai...

CVE-2025-3599

creationtimestamp| type| source ---|---|--- 2025-04-30 17:13:05+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14090 2025-04-30 18:00:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo2esvzxd424 2025-04-30 20:25:46+00:00| seen| https://t.me/cvedetector/24129...

CVE-2025-2830

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...

CVE-2025-2830

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...

CVE-2021-46941

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...

July 25, 2023—KB5028244 (OS Build 19045.3271) Preview

July 25, 2023—KB5028244 OS Build 19045.3271 Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page. Note Follow...

openssl: integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...