Unity Linux 20.1070e Security Update: hdf5 (UTSA-2026-017779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017779 advisory. A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because ...

JLSEC-2026-463 Mbed TLS timing side channel in RSA and CBC/ECB decryption

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel in RSA and CBC/ECB decryption that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected...

NPM: mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

NPM: mcp-data-vis vulnerable to denial of service via unsanitized select key lookup on Object.prototype with precompile: true vulnerability discovered by ? in WordPress Npm icu-minify versions = 4.9.1...

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...

Prototype Pollution

Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution via the formatSelect function. An attacker can cause the application to crash and trigger a server error by supplying specially crafted...

GHSA-C2Q3-P4JR-C55F Grav Vulnerable to XSS via Taxonomy Field Values in Admin Panel

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the global autoescape protection. An editor-level user can inject arbitrary...

PT-2026-37281

Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...

MAL-2026-3270 Malicious code in @bcs-react-ui/select (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f13a9b44b9cd000d9cc8fbcd4cbc765178ea32a471cd8b339d4ebdda4182d52 The package @bcs-react-ui/select was found to contain malicious code. Source: ghsa-malware...

Astra Linux - уязвимость в mariadb-10.3

MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb: scarlett2: Fixed missing NULL checks. The scarlett2inputselectctlinfo function sets up the string arrays using kasprintf, but it fails to perform NULL checks. This could lead to NULL dereferencing errors. We need to ad...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: Fix possible NULL dereference In a call to mac80211hwsimselecttxlink the sta pointer might be NULL, thus need to check that it is not NULL before accessing it...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damonreclaiminit damonreclaiminit allocates a memory chunk for ctx with damonnewctx. When damonselectops fails, ctx is not released, which will lead to a memory leak. We should relea...

Astra Linux - уязвимость в postgresql-11

An information leak was discovered in PostgreSQL versions prior to 13.2, before 12.6, and before 11.11. A user with UPDATE permission but without SELECT permission for a specific column could create queries that, under certain circumstances, might reveal values from that column in error messages...

Astra Linux - уязвимость в qemu

An “off-by-one” error was detected in the SCSI device emulation in QEMU. This error could occur during the processing of MODE SELECT commands in modesensepage, if the ‘page’ argument is set to MODEPAGEALLS 0x3f. A malicious guest could exploit this flaw to potentially cause QEMU to crash, resulti...

Astra Linux - уязвимость в ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there was a potential XSS vulnerability with certain configurations of Rails::Html::Sanitizer, due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer might allow an attacke...

Astra Linux - уязвимость в freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in a out-of-bounds read in libusbudevselectinterface. This vulnerability has been fixed in version...

Astra Linux - уязвимость в sqlite3

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: spi-rockchip: Fixed out-of-bounds access to registers Do not implement native chip-select logic for GPIO chip selections. GPIOs can be numbered much higher than native CS. Additionally, such implementation makes no sense...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in respmodeselect+0xa4c/0xb40 drivers/scsi/scsidebug.c:2509...

Astra Linux - уязвимость в sqlite3

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...