Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fix for dma-fence safe access rules Commit 506aa8b02a8d6 “dma-fence: Add safe access helpers and document the rules” details the dma-fence safe access rules. The most common issue is that...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly linking new fs rules into the tree Previously, addrulefg would only add newly created rules from the handle into the tree when their refcount was 1. On the other hand, createflowhandle attempts to find and...

Astra Linux - уязвимость в haproxy

A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue does not ensure that the scheme and path portions of a URI contain the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the...

EUVD-2026-31013

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

A Large Language Model Approach to Generating Bypass Rules for Malware Evasion in Analysis Sandbox

Sandbox evasion remains a critical challenge for automated malware analysis, as modern malware employs environment checks to detect analysis platforms and suppress malicious behavior. Existing approaches rely on manually crafted bypass rules that require deep reverse engineering of each evasion...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021635 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardo...

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

Suricata IDPE 8.0.5

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and...

BIT-GITLAB-2026-2900 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that when instance-level approval rule editing prevention was enabled, could have allowed an authenticated user with Maintainer permissions to modify or dele...

PT-2026-41420

Name of the Vulnerable Software and Affected Versions Essential Chat Support versions prior to 1.0.2 Description The Essential Chat Support plugin for WordPress contains an authorization bypass. The plugin fails to properly verify if a user is authorized to perform specific actions, allowing...

Security update for gosec (moderate)

openSUSE Security Update: Security update for gosec Announcement ID: openSUSE-SU-2026:0167-1 Rating: moderate References: Cross-References: CVE-2025-22891 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update for gosec...

[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.6.0-4.fc42

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

CVE-2026-6664

A flaw was found in PgBouncer. An integer overflow in the network packet parsing code allows an unauthenticated remote attacker to bypass a boundary check by sending a malformed SCRAM authentication packet. This can lead to a crash, resulting in a Denial of Service DoS for the PgBouncer instance...

CVE-2026-6691

A flaw was found in the MongoDB C Driver's Cyrus SASL integration. This vulnerability, a heap buffer overflow, occurs due to unsafe string copying during username canonicalization. A remote attacker can exploit this by providing untrusted input in the username of a MongoDB URI with...

OESA-2026-2286 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...

poc_regex

pocregex pocregex: Extract th...

anti-hacking

🛡️ anti-hacking: Comprehensive Defensive Security Knowledge Ba...