Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: rustbinder: fixed oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. As a result, the new request wasn’t taken into account in the spam calculation...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: arm64: Fixed a no-op check in setaccessflags, which could lead to errors when detecting SMMU/ATS faults. The function contpteptepsetaccessflags compared the gathered value from ptepget with the requested state to detect no-ops...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 “net: sched: support hash selecting tx queue” added support for SKBEDITFTXQSKBHASH. The inclusive range size is computed as follows: mappingmod =...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi: 8192cu: fixed a situation where TID was out of range in rtl92cu TxFillDesc. The TID obtained from ieee80211gettid might be out of range of the array size of staEntry-tids, so check that TID is less than...

Astra Linux - уязвимость в subversion

Subversion’s moddavsvn is vulnerable to memory corruption. When checking path-based authorization rules, moddavsvn servers may attempt to use memory that has already been freed. Affected Subversion moddavsvn servers include versions 1.10.0 through 1.14.1 including those versions. Servers that do...

Astra Linux - уязвимость в linux, linux-5.10

A flaw involving a null pointer dereference was discovered in the Linux kernel’s UDF file system functionality. This flaw allows a malicious UDF image to trigger the udffilewriteiter function. A local user could exploit this flaw to crash the system. The flaw is present in the Linux kernel versio...

Astra Linux - уязвимость в tomcat9

In some unusual configurations of multipart uploads, an Integer Overflow vulnerability in Apache Tomcat can lead to a Denial-of-Service attack by bypassing size limits. This issue affects Apache Tomcat versions as follows: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, and from...

EUVD-2026-31000

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

NLnet Labs Unbound 资源管理错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.19.1 to 1.25.0 of NLnet Labs Unbound, there is a resource management vulnerability. This vulnerability stems from incorrect overwriting of target pointers when deep copying data structures in the DNSSE...

Sitemio WISECP 跨站请求伪造漏洞

Sitemio WISECP is an automated management and billing platform developed by the Turkish company Sitemio, aimed at hosting services and domain name services. Versions of Sitemio WISECP from 2002 to 2026 had a cross-site request forgeing vulnerability. This vulnerability stems from cross-site reque...

CLSA-2026-1779223801 samba: Fix of CVE-2022-32742

CVE-2022-32742: fix server memory information leak via SMB1; insufficient range-check on SMB1 write request length allowed server memory contents to leak into the written file or printer instead of client-supplied bytes...

alvin-cli (>=0.0.1a0 <=1.3.0rc1), apache-airflow-providers-fastetl (>=0.0.36 <=0.0.39) +47 more potentially affected by CVE-2026-46374 via sqlfluff (>=0.11.2 <=4.1.0)

sqlfluff PYPI version =0.11.2, =0.0.1a0, =0.0.36, =0.4.6, =1.1.5, =0.1.2, =0.0.1, =0.1.0, =0.1.0, =1.0.0, =0.4.0, =0.1.0, =0.19.1a7, =1.3.3, =0.9.3, =0.1.0, =0.3.3 and more Source cves: CVE-2026-46374 Source advisory: OSV:GHSA-73JC-5MRQ-PRW7...

Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...

GHSA-M5J3-4634-C2VQ Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...

NPM: Turbo: Unexpected local code execution during Yarn Berry detection

NPM: Turbo: Unexpected local code execution during Yarn Berry detection vulnerability discovered by ? in WordPress Npm turbo versions = 1.1.0, 2.9.14...

[SECURITY] Fedora 43 Update: perl-Net-CIDR-Lite-0.24-1.fc43

Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses...

CVE-2026-45442

Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...

Drupal core 跨站脚本漏洞

Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. Drupal Core has a cross-site scripting vulnerability, which stems from improper input during the web page generation process, potentially leading to cross-site scripting attacks. The following...

PT-2026-41761

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The download agent fil...

VulnCheck KEV: CVE-2025-62481

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing...