PT-2026-44001

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...

Linux Distros Unpatched Vulnerability : CVE-2026-45961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write...

CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

EUVD-2026-31823

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

MAL-2026-4789 Malicious code in ggk-happy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a22c29c3d374a49fdb69fb941f2fb81e42b69006b8ed154eba8d365c755b245 ggk-happy presents itself as the slopus/happy CLI Mobile/Web client for Claude Code — author metadata, homepage happy.engineering, and repository...

Check Point Multi-Domain Management 安全漏洞

Check Point Multi-Domain Management is a centralized security management platform provided by Check Point Israel. Check Point Multi-Domain Management has a security vulnerability. This vulnerability arises from the fact that when compliance is enabled in the multi-domain management system, verifi...

PT-2026-43240

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

CVE-2026-48136 - Authenticated Administrator Role-Based Access Control Bypass in Compliance

Symptoms - When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access...

PT-2026-42408

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.2 through 4.4.2 Description An improper link resolution issue allows a remote authenticated attacker to read or overwrite arbitrary files through the creation of attacker-controlled symlinks symbolic links, which are file...

Malicious code in @kmmao/happy-coder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...

Astra Linux - уязвимость в chromium

Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of after-free in Blink in Google Chrome before version 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

Incorrect verifier pruning in the BPF module of the Linux kernel version 5.4 and above leads to unsafe code paths being incorrectly marked as safe. This results in arbitrary read/writes to kernel memory, lateral privilege escalation, and container escapes...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fixed the ordering in queuedwritelockslowpath While this code is executed with waitlock held, a reader can acquire the lock without holding waitlock. The writer checks the value using atomiccondreadacquire, but...

Astra Linux - уязвимость в chromium

The use of after-free in Base Internals in Google Chrome before version 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

Linux Kernel nftables Out-of-bounds Read/Write Vulnerability; nftbyteorder improperly handles the contents of VM registers when CAPNETADMIN is present in any user or network namespace...

Astra Linux - уязвимость в chromium

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

The use of WebCodecs with “after free” in Google Chrome before version 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

In V8 of Google Chrome, out-of-bounds memory access prior to version 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...