CVE-2026-41571

CVE-2026-41571 affects Note Mark (v0.19.2) where IsPasswordMatch falls back to a hard-coded bcrypt("null") placeholder for users with no stored password. OIDC-registered users are created with an empty password, so submitting password: "null" to the internal login endpoint grants a valid session—...

EUVD-2026-27057

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

CVE-2026-24781 vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

CLSA-2026-1777883671 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

Prefect Git Argument Injection in GitRepository Pull Steps

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...

EUVD-2026-26882

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function getdoccontent/readdoc/updatedoc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly...

CVE-2026-7723

Technical details about CVE-2026-7723 are not publicly available in the provided documents. Monitor for official updates and patches; upgrading to 3.6.14 is mentioned in the description as a fix.

Wear OS Security Bulletin—May 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-05-05 or later from the May 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

Android Automotive OS Update Bulletin—May 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Android Automotive OS AAOS Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2026-05-05 or later from the May 2026 Android Security Bulletin in addition to all issues in this...

Android XR Bulletin—May 2026Stay organized with collectionsSave and categorize content based on your preferences.

The XR Security Bulletin contains details of security vulnerabilities affecting the XR platform. The full XR update comprises the security patch level of 2026-05-05 or later from the May 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all customers to accep...

Astra Linux - уязвимость в gpac

A vulnerability was discovered in GPAC version 2.4. It has been rated as problematic. The affected function is gfdashdownloadinitsegment in the file src/mediatools/dashclient.c. Manipulating the baseiniturl argument leads to a null pointer dereference. This attack can be launched remotely. The...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

Dm-verity is used to extend the root-of-trust to root file systems. LoadPin builds upon this feature to restrict module/firmware loads to only the trusted root file system. Currently, device-mapper table reloads allow users with root privileges to replace the target with an equivalent dm-linear...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Purge error queues in socket destructors When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerrorqueue and remain there until they are consumed. If userspace never gets to read the...

Astra Linux - уязвимость в python-pip

When extracting a tar archive, pip may not check symbolic links pointing into the extraction directory if the tarfile module does not implement PEP 706. Note that upgrading pip to a “fixed” version does not fix all vulnerabilities that are mitigated by using a Python version that implements PEP...

Astra Linux - уязвимость в linux-5.10

A double-free bug in the packetsetring function in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny services. We recommend upgrading the kernel to a version that is not affected by this bug, or rebuilding the code after the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validating the payload size in the IPC response When installing malicious ksmbd-tools, ksmbd.mountd may return an invalid IPC response to the ksmbd kernel server. ksmbd should validate the payload size of the IPC response...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Disable SCO support if READVOICESETTING is not supported/broken. A SCO connection with incorrect voice settings can cause the controller to lock up...

CVE-2026-23255 affecting package kernel for versions less than 6.6.137.1-1

CVE-2026-23255 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...