Lucene search

220 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: For the hda codecs, do not unset the “preset” parameter when cleaning up codec-related operations. Several functions involved in the initialization and removal of codecs are reused by ASoC codec driver implementations. Thes...

5.5 CVSS | 5.6 AI score | 0.00019 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/19 12:0 a.m., 5 views

@lingxiteam/cli (=0.3.0), babel-preset-jaid (>=1.0.0 <=2.9.0) +1 more potentially affected by unknown CVE via babel-plugin-version (=0.2.3)

babel-plugin-version NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on babel-plugin-version and may be impacted: - @lingxiteam/cli =0.3.0 - babel-preset-jaid =1.0.0, =2.0.0, =2.9.0 Source cves: unknown CVE Source advisory:...

5.8 AI score
Exploits: 0

vulnersOsv
added 2026/05/08 8:34 p.m., 3 views

@babel/preset-env (>=8.0.0-alpha.0 <=8.0.0-rc.4), @neetly/babel-preset (>=1.0.0-alpha.1 <=1.0.0-alpha.16) +1 more potentially affected by CVE-2026-44728 via @babel/plugin-transform-modules-systemjs (=8.0.0-rc.4)

@babel/plugin-transform-modules-systemjs NPM version =8.0.0-rc.4 is affected by a known vulnerability. The following packages have a transitive dependency on @babel/plugin-transform-modules-systemjs and may be impacted: - @babel/preset-env =8.0.0-alpha.0, =1.0.0-alpha.1, =1.0.0-alpha.14,...

5.8 AI score | 0.0002 EPSS
Exploits: 0

OSV
added 2026/05/08 8:34 p.m., 7 views

GHSA-FV7C-FP4J-7GWP @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...

8.2 CVSS | 5.9 AI score | 0.0002 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/05/08 8:34 p.m., 9 views

@babel/plugin-transform-modules-systemjs generates arbitrary code when compiling malicious input

Impact Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known affected plugins are: - @babel/plugin-transform-modules-systemjs - @babel/preset-env when using the modules: "systemjs" option, as it delegat...

8.2 CVSS | 5.9 AI score | 0.0002 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-39295

Name of the Vulnerable Software and Affected Versions Babel versions 7.12.0 through 7.29.3 Babel versions 8.0.0-alpha.1 through 8.0.0-alpha.12 Description Compiling code specifically crafted by an attacker can cause the generation of output code that executes arbitrary code. This issue affects th...

8.2 CVSS | 6 AI score | 0.0002 EPSS
Exploits: 0 | References: 4

vulnersOsv
added 2026/05/06 9:24 p.m., 3 views

gobstopper (>=0.2.0 <=0.2.7), modelw-preset-django (>=2025.7.0 <=2026.1.0b2) +1 more potentially affected by CVE-2026-42545 via granian (>=2.3.4 <=2.6.1)

granian PYPI version =2.3.4, =0.2.0, =2025.7.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42545 Source advisory: SNYK:PYTHON-GRANIAN-16635309...

5.9 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits: 0

vulnersOsv
added 2026/05/06 9:20 p.m., 3 views

aloni (>=0.2.1 <=0.2.3), code-exec-hz (>=1.0.0 <=1.0.1) +6 more potentially affected by CVE-2026-42544 via granian (>=1.3.2 <=2.6.1)

granian PYPI version =1.3.2, =0.2.1, =1.0.0, =2.5.10, =1.0.0, =0.2.0, =0.0.1, =2025.1.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42544 Source advisory: OSV:GHSA-VRG7-482J-P6F6...

7.5 CVSS | 5.8 AI score | 0.00084 EPSS
Exploits: 0

vulnersOsv
added 2026/05/06 9:20 p.m., 2 views

gobstopper (>=0.2.0 <=0.2.7), modelw-preset-django (>=2025.7.0 <=2026.1.0b2) +1 more potentially affected by CVE-2026-42544 via granian (>=2.3.4 <=2.6.1)

granian PYPI version =2.3.4, =0.2.0, =2025.7.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42544 Source advisory: SNYK:PYTHON-GRANIAN-16635313...

7.5 CVSS | 5.8 AI score | 0.00084 EPSS
Exploits: 0

RedhatCVE
added 2026/04/08 7:57 p.m., 1 views

CVE-2026-35484

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

5.3 CVSS | 5.9 AI score | 0.00095 EPSS
Exploits: 1 | References: 1

CVE
added 2026/04/07 2:46 p.m., 2 views

CVE-2026-35484

The CVE-2026-35484 issue affects text-generation-webui, an open-source web interface for running LLMs. It describes a path traversal vulnerability in the load_preset() function present before version 4.3, which allows an unauthenticated attacker to read any .yaml file on the server filesystem. Th...

5.3 CVSS | 5.9 AI score | 0.00095 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/04/07 2:46 p.m., 1 views

CVE-2026-35484

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

5.3 CVSS | 5.9 AI score | 0.00095 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/04/07 2:46 p.m., 1 views

EUVD-2026-19667

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

5.3 CVSS | 5.9 AI score | 0.00095 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/07 12:0 a.m., 1 views

PT-2026-30857

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load preset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

5.3 CVSS | 5.9 AI score | 0.00095 EPSS
Exploits: 1 | References: 2

OSV
added 2026/03/22 6:18 p.m., 1 views

MAL-2026-2070 Malicious code in jest-preset-ppf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 865aa42f02036b04e6245ec53b1fd2e49bc7f3954c195abec4127acf04dfa260 The package jest-preset-ppf was found to contain malicious code. Source: ghsa-malware 84c3c8fd0d6db555bb09e8ddd8668f525a4de9ad2486ecf4ef835f158a7565d...

5.8 AI score
Exploits: 0 | References: 4

OSSF Malicious Packages
added 2026/03/22 6:18 p.m., 3 views

Malicious code in jest-preset-ppf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 865aa42f02036b04e6245ec53b1fd2e49bc7f3954c195abec4127acf04dfa260 The package jest-preset-ppf was found to contain malicious code. Source: ghsa-malware 84c3c8fd0d6db555bb09e8ddd8668f525a4de9ad2486ecf4ef835f158a7565d...

5.8 AI score
Exploits: 0 | References: 4

EUVD
added 2026/03/21 3:33 p.m., 1 views

EUVD-2019-19856

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...

6.8 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits: 1 | References: 4

NVD
added 2026/03/21 1:16 p.m., 3 views

CVE-2019-25554

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...

6.8 CVSS | 0.00022 EPSS
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/21 12:46 p.m., 1 views

CVE-2019-25554

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...

6.8 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/21 12:0 a.m., 4 views

PT-2026-26899

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...

6.8 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits: 1 | References: 4