Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: configfs-tsm-report: Fixed the NULL dereference of tsmops. Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, t...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check the pipe offset before setting vblank. The size of pipectx is MAXPIPES; therefore, its index must be checked before accessing the array. This fix addresses an OVERRUN issue reported by Coverity...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The default value for “denominator” is initialized to 1. WHAT & HOW Variables that are used as denominators and may not be assigned to other values should be initialized to a non-zero value to avoid “DIVIDEBYZERO...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: kasan: kasanfindvmarea has been removed to prevent possible deadlocks. The findvmarea function cannot be called in an atomic context. If findvmarea is called to report VM area information, kasan may trigger a deadlock. For exampl...

CVE-2026-7707

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udrnudrdrhandlesubscriptioncontext of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made...

CVE-2026-7708

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogsdbisubscriptiondata in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supiid causes denial of service. The attack may be initiated remotely. The exploit has...

CVE-2026-7678 YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...

GHSA-GC2J-WPJV-JHRW sublinear-time-solver has a Path Traversal Issue

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

CVE-2026-7645 ruvnet sublinear-time-solver MCP server.js export_state path traversal

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

EUVD-2026-26799

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function exportstate of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...

EUVD-2026-26796

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

CVE-2026-7642

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

Linux Distros Unpatched Vulnerability : CVE-2026-43051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: wacom: fix out-of-bounds read in wacomintuosbtirq The wacomintuosbtirq function processes Bluetooth HID reports without sufficient bounds checking. A...

Linux Distros Unpatched Vulnerability : CVE-2026-43028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtables: ensure names are nul-terminated Reject names that lack a \0 character before feeding them to functions that expect c-strings. Fixes tag is t...

PT-2026-36605

A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync ea from file. Such manipulation of the argument ea name leads to path traversal. The attack can be launched...

Linux Distros Unpatched Vulnerability : CVE-2026-43015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: fix clk handling on PCI glue driver removal platformdeviceunregister may still want to use the registered clks during runtime resume callback. Note...

PT-2026-36625

A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...

Linux Distros Unpatched Vulnerability : CVE-2026-43047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: multitouch: Check to ensure report responses match the request It is possible for a malicious or clumsy device to respond to a specific report's feature...

CVE-2026-7591

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

CVE-2026-43051

A flaw was found in the Linux kernel's Wacom Human Interface Device HID driver. This vulnerability allows a remote attacker to trigger an out-of-bounds read by sending a specially crafted, short Bluetooth HID report. This can lead to the disclosure of sensitive information from the system's memor...