17006 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: Use netdev_warn instead of netdev_WARN. netdev_WARN uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register failing due to a memory allocation failure e.g., kzalloc o...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: It was resolved that holding the PM usage reference is necessary to avoid deadlocks between PM and MDIO operations along with RTNL. Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: SCTP: A potential out-of-bounds exception has been prevented in sctp_transport_update_rto. syzbot reported a potential out-of-bounds exception [1]. The responsible developer added rto_alpha_max and set rto_beta_max to 1000. It is...
SUSE CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
MiracleLinux 9 : dotnet9.0-9.0.106-1.el9_6.ML.1 (AXSA:2025-10506:14)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10506:14 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New...
HTC VIVE Runtime Service Code Issue Vulnerability
HTC VIVE Runtime Service is a core backend driver from HTC Corporation. A code issue vulnerability exists in HTC VIVE Runtime Service version 1.0.0.4, which stems from the service path being unquoted, and could lead to a local user executing arbitrary code and elevating system privileges...
MiracleLinux 8 : dotnet9.0-9.0.107-1.el8_10 (AXSA:2025-10025:12)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10025:12 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New...
PT-2026-2394
Name of the Vulnerable Software and Affected Versions: VIVE Runtime Service version 1.0.0.4. Description: The VIVE Runtime Service contains a flaw due to an unquoted service path. This allows local users to potentially execute arbitrary code with elevated system privileges. An attacker can exploit t...
CVE-2026-22213 RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen function, which constructs a device path using unbounded user-controlled input. The utility...
GO-2026-4279 flagd: Multiple Go Runtime CVEs Impact Security and Availability in github.com/open-feature/flagd/core
flagd: Multiple Go Runtime CVEs Impact Security and Availability in github.com/open-feature/flagd/core...
When Bots Take the Bait: Exposing and Mitigating the Emerging Social Engineering Attack in Web Automation Agent
Web agents, powered by large language models (LLMs), are increasingly deployed to automate complex web interactions. The rise of open-source frameworks (e.g., Browser Use, Skyvern-AI) has accelerated adoption, but also broadened the attack surface. While prior research has focused on model threats su...
Operational Runtime Behavior Mining for Open-Source Supply Chain Security
Open-source software (OSS) is a critical component of modern software systems, yet supply chain security remains challenging in practice due to unavailable or obfuscated source code. Consequently, security teams often rely on runtime observations collected from sandboxed executions to investigate...
Malicious code in wac-relay-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6742f4abdd6851c0f1a4f003f84ac7dca306f8b29a0bf39ad8e41b12a9680d32 The package wac-relay-runtime was found to contain malicious code. Source: ghsa-malware...
MAL-2026-202 Malicious code in wac-relay-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6742f4abdd6851c0f1a4f003f84ac7dca306f8b29a0bf39ad8e41b12a9680d32 The package wac-relay-runtime was found to contain malicious code. Source: ghsa-malware...
PYSEC-2026-143
vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...
CVE-2026-22773 vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...
CVE-2026-22030
CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
PT-2026-2138
Name of the Vulnerable Software and Affected Versions: react-router versions 7.0.0 through 7.11.0; @remix-run/server-runtime versions prior to 2.17.3. Description: React Router, used as a router for React applications, is susceptible to Cross-Site Request Forgery (CSRF) attacks. This affects document...