CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

More info at https://symfony.com/cve-2026-45075...

CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

More info at https://symfony.com/cve-2026-45075...

Malicious code in use-context-selector-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dde262b1fecc08fe5853c4ec7ada6c3c3746a6e7afb5bd18c33d5adfa03843c This package is a name-squat of the popular use-context-selector library and ships a postinstall script dist/postinstall.js / src/postinstall.js that...

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed a server shutdown leak A race condition was addressed where kthreadstop might prevent threadfn from being called at all. If this occurs, the svcrqst will not be cleaned up properly...

Astra Linux – Vulnerability in Flask

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Clean up only the newly added IRQ mapping when requestirq fails. The mlx5irqalloc function may inadvertently free the entire rmap, leading to a crash when other threads attempt to access it. This issue occurs when...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed “ksmbd: validate command payload size”, except for the SMB2OPLOCKBREAKHE command, the request size of other commands is not checked—this is not expected. This issue was...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: caif: A memory leak has been fixed in cfctrllinkuprequest. When linktype is unknown, or kzalloc fails in cfctrllinkuprequest, pkt is not released. Add a release process to the error handling logic...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: interconnect: Do not access reqlist while it’s being manipulated. The icclock mutex was split into separate icclock and iccbwlock mutexes in 1 to avoid lockdep splats. However, this did not adequately protect access to...

Astra Linux - уязвимость в tomcat9

Inconsistent interpretation of HTTP requests „HTTP Request/Response Smuggling“ vulnerability in Apache Tomcat due to an invalid chunk extension. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0...

Astra Linux - уязвимость в http-parser

Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

Astra Linux - уязвимость в etcd

A cross-site request forgery flaw was discovered in etcd 3.3.1 and earlier. An attacker can create a website that attempts to send a POST request to the etcd server and modify a key. Adding a key is done using a PUT operation, so it seems theoretically safe but PUT operations cannot be performed...

Astra Linux – Vulnerability found in Golang versions 1.15, 1.19, and 1.23

The net/http package improperly accepts a bare LF as a line terminator in chunked data with fixed-sized chunks. This can allow for request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: hifusb: A memory leak in urbs has been fixed in ath9khifusbdealloctxurbs. Syzkaller reported a well-known leak of urbs in ath9khifusbdealloctxurbs. The cause of the leak is that usbgeturb is called, but usbfreeurb or...

Astra Linux – Vulnerability in Waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and earlier behind a proxy that does not properly validate whether the incoming HTTP requests comply with the RFC7230 standard, Waitress and the frontend proxy may disagree on where one reques...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: Staging: rtl8712: fixed an issue with uninit-value in usbread8 and related functions. When r8712usbctrlvendorreq returns a negative value, the “data” obtained from usbread8,16,32 will not be initialized. Bug: KMSAN: uninit-val...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a slab-out-of-bounds issue in smb2allocaterspbuf. If -ProtocolId is set to SMB2 TRANSFORMPROTONUM, the validation of the request size could be skipped. If the request size is smaller than sizeofstruct smb2queryinfore...

Astra Linux - уязвимость в apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.54 and...

Astra Linux - уязвимость в haproxy

A vulnerability related to information leaks was discovered in HAProxy versions 2.1, 2.2 before 2.2.27, 2.3, and 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, and 2.7 before 2.7.1. There are 5 bytes that are not initialized in the connection buffer when encoding the FCGIBEGINREQUEST...