203 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Guard for possible null pointer dereferencing. REASON: In some situations, dc->res_pool may be null. SOLUTION: Check if the pointer is null before dereferencing it...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5e_init_rep_rx. The memory pointed to by the priv->rx_res pointer is not freed in the error path of mlx5e_init_rep_rx, which can lead to a memory leak. Fix by freeing the memory in the error path,...
Exploit for Path Traversal in Apktool
CVE-2026-39973-PoC This is a small C apk file builder for CV...
Linux Distros Unpatched Vulnerability : CVE-2026-39973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in...
GHSA-M8MH-X359-VM8M Apktool: Path Traversal to Arbitrary File Write
A path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding (apktool d). This is a security regression introduced in commit e10a045 (PR 4041, December 12, 2025), which removed the...
CVE-2026-32862
There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...
CVE-2026-5707
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...
CVE-2026-5708
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...
CVE-2026-5454 GRID Organiser App co.gridapp.organiser app.json hard-coded key
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of a hard-coded cryptographic key. The attack is...
FLIR Systems AX8 Cameras OS Command Injection (CVE-2022-37061)
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
FLIR Systems AX8 Cameras Command Injection (CVE-2023-51126)
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the...
PT-2026-3857
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DC ChargeLoopRes message that includes Receipt as well as TaxCosts, the vector tax costs in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
CVE-2022-31313
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package...
CVE-2019-11700
A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected. This vulnerability affects Firefox 67...
CVE-2023-54106
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5e_init_rep_rx. The memory pointed to by the priv->rx_res pointer is not freed in the error path of mlx5e_init_rep_rx, which can lead to a memory leak. Fix by freeing the memory in the error path,...
CVE-2023-54106
No public technical details about CVE-2023-54106 are present in the provided documents. The connected advisories list many CVEs but do not disclose specifics for this entry. Monitor vendor advisories for updates.
EUVD-2025-32635
Malicious code in res-notification npm...
Malicious code in res-notification (npm)
Source: ghsa-malware ef24fa6bd07739f45e7e31a196535dc42562533848a3b3dcd6b7bc98b16ff4dc. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48004 Malicious code in res-notification (npm)
Source: ghsa-malware ef24fa6bd07739f45e7e31a196535dc42562533848a3b3dcd6b7bc98b16ff4dc. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...