
88714 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in chromium

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 6.5 | EPSS 0.00618
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in chromium

Use after free in Passwords in Google Chrome before version 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 7.5 | AI score 7.2 | EPSS 0.18325
Exploits: 1 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in chromium

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVSS 6.5 | AI score 6.6 | EPSS 0.00573
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in chromium

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 9.2 | EPSS 0.70435
Exploits: 6 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in linux-5.10, linux

A vulnerability has been discovered in the Linux kernel. It has been identified as a problem. The vulnerability affects the intr_callback function in the drivers/net/usb/r8152.c file of the BPF component. Manipulation of this function results in the logging of excessive data. The attack can be...

CVSS 5.3 | AI score 6.2 | EPSS 0.02211
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in chromium

Use after free in MediaStream in Google Chrome before version 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.3 | EPSS 0.0088
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in openjdk-11

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1...

CVSS 4.8 | AI score 6.8 | EPSS 0.00879
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2, specifically in the build_diff_map function within libavfilter/vf_fieldmatch.c. This vulnerability could allow a remote malicious user to cause a Denial of Service attack...

CVSS 6.5 | AI score 6.8 | EPSS 0.01504
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in openjdk-11

Vulnerability in the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability include Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition:...

CVSS 5.3 | AI score 6.5 | EPSS 0.03566
Exploits: 0 | References: 1
RedHat Linux
added 2026/05/20 4:16 a.m. | 13 views

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

CVSS 9.8 | AI score 6.2 | EPSS 0.00754
Exploits: 0 | References: 5
Redos
added 2026/05/20 12:0 a.m. | 7 views

ROS-20260520-73-0035

A vulnerability in the WebAudio component of Google Chrome browser is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

CVSS 8.8 | AI score 7.6 | EPSS 0.00447
Exploits: 0
Redos
added 2026/05/20 12:0 a.m. | 8 views

ROS-20260520-73-0007

A vulnerability in the WebGL component of Google Chrome and Microsoft Edge browsers is related to reading outside of the allowed range in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability of protected...

CVSS 8.8 | AI score 6 | EPSS 0.00324
Exploits: 0
Positive Technologies
added 2026/05/20 12:0 a.m. | 9 views

PT-2026-42194

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 3
Redos
added 2026/05/20 12:0 a.m. | 6 views

ROS-20260520-73-0016

A vulnerability in the ANGLE library of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

CVSS 8.8 | AI score 6.1 | EPSS 0.00271
Exploits: 0
Redos
added 2026/05/20 12:0 a.m. | 7 views

ROS-20260520-73-0054

A vulnerability in the PDF component of the Google Chrome web browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PDF file...

CVSS 8.8 | AI score 5.7 | EPSS 0.00417
Exploits: 0
RedhatCVE
added 2026/05/19 9:11 p.m. | 5 views

CVE-2026-33642

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker, by sending specially crafted escape sequences to a Kitty terminal, can exploit an integer wrapping vulnerability in the handle_compose_command function. This vulnerability allows for out-of-bounds memory access, whic...

CVSS 9.9 | AI score 6.2 | EPSS 0.00286
Exploits: 1 | References: 2
Github Security Blog
added 2026/05/19 3:53 p.m. | 6 views

Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary: The screenshot/print proxy /proxy?data=… maintains a package-level assets map[string]MessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

AI score 5.9 | EPSS 0.00091
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/19 1:29 p.m. | 14 views

CVE-2026-43633

CVE-2026-43633 affects HestiaCP versions 1.9.0–1.9.4, where a deserialization vulnerability in the web terminal component is caused by a session format mismatch between PHP and Node.js. Unauthenticated remote attackers can trigger root‑level code execution by injecting crafted data into HTTP head...

CVSS 10 | AI score 6.2 | EPSS 0.01072
Exploits: 0 | References: 5
Github Security Blog
added 2026/05/19 12:31 p.m. | 8 views

Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes...

CVSS 7.5 | AI score 5.8 | EPSS 0.00727
Exploits: 0 | References: 11 | Affected Software: 1
NVD
added 2026/05/19 10:16 a.m. | 13 views

CVE-2026-2611

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

CVSS 9.6 | EPSS 0.00294
Exploits: 1 | References: 2