1127 matches found
CVE-2026-56018
JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Timers: A race condition involving NULL function pointers was fixed in timershutdownsync. There is a race condition between timershutdownsync and timerexpiration, which can lead to a WARNON being triggered in expiretimers. The...
Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image
A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
CVE-2026-5834
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...
CVE-2026-45287
OpenTelemetry-Go (Go implementation) prior to version 0.0.17 leaks one file descriptor per successful ParseFile call when parsing go.opentelemetry.io/otel/schema/v1.0 and v1.1. In long-running processes, repeated schema parsing without proper file closure can exhaust the process file descriptor l...
PT-2026-46233
Name of the Vulnerable Software and Affected Versions API Platform Core versions 2.6.0 through 4.1.28 API Platform Core versions 4.2.0 through 4.2.25 API Platform Core versions 4.3.0 through 4.3.11 Description A missing isCacheKeySafe gate in the JSON:API and HAL item normalizers leads to a...
GHSA-995V-FVRW-C78M opentelemetry-go's Schema ParseFile leaks file descriptors on each parse
Summary go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it; repeated parsing in a long-running process can exhaust the process file...
CVE-2026-45968
In the Linux kernel, the following vulnerability has been resolved: cpuidle: Skip governor when only one idle state is available On certain platforms PowerNV systems without a power-mgt DT node, cpuidle may register only a single idle state. In cases where that single state is a polling state sta...
UBUNTU-CVE-2026-45917
In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...
CVE-2026-45917 ipvs: do not keep dest_dst if dev is going down
In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...
PT-2026-43784
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the netdev notifier ip vs dst event and the code responsible for caching the destination dst when a device is going down. Because the Forwarding Informati...
Ollama Scanner
This module identifies ollama instances and enumerates the LLM models which have been loaded and are running. Module Options msf use auxiliary/scanner/http/ollamainfo msf auxiliaryollamainfo show actions ...actions... msf auxiliaryollamainfo set ACTION msf auxiliaryollamainfo show options ...show...
MAL-2026-4193 Malicious code in private-next-pages (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00c6505c70734328f859fa758ad45ba680403a4cfeedd60d2f9e035b026bd45c package.json declares a postinstall script that uses Node's childprocess to execute reconnaissance commands including whoami and beacon results out v...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read nlk-cbrunning without locking it. Use READONCE in those functions. Add corresponding WRITEONCE to netlinkdump and netlinkdumpstart...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: pm8001: Fixed the runningreq for internal abort commands Disabling the remote PHY for a SATA disk causes a hang: bash root@none$ more /sys/class/sasPhy/phy-0:0:8/targetPortProtocols sata root@none$ echo 0...
Astra Linux – Vulnerability in Linux 5.10, Linux
A use-after-free flaw was identified due to a race between the superblock operations in the gadgetfs Linux driver. This flaw could be triggered by removing a device that is running the gadgetfs side...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: posix-timers: A situation where livelock occurs in itimerdelete has been addressed. Itimerdelete includes a retry loop when the timer expires simultaneously. On non-RT kernels, this simply involves waiting until the timer callbac...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: mmc: vub300: fix warning – do not call blocking ops when !TASKRUNNING vub300enablesdioirq works with a mutex and requires TASKRUNNING to function properly. Ensure that we mark the current context as TASKRUNNING for sleepable...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: In devcom, fix the error flow in mlx5devcomregisterdevice. In the event of a failure in devcom allocation, mlx5 always releases the private memory. However, this private memory might have been allocated by a different...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pdscore: The pdsccheckpcihealth function was fixed to use a work thread for execution. When the driver detects that fwstatus == 0xff, it attempts to perform a PCI reset on itself via the pciresetfunction function within the...