CVE-2026-9359 Edimax EW-7438RPn POST Request formHwSet command injection

A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by this vulnerability is the function formHwSet of the file /goform/formHwSet of the component POST Request Handler. The manipulation of the argument...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version has a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the command parameter in the setTracerouteCfg...

Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data

Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...

Ubuntu 25.10 / 26.04 LTS : Bubblewrap vulnerability (USN-8288-1)

The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8288-1 advisory. It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issu...

PT-2026-42731

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP MSG MANAGEMENT message to set an unvalidated negative log announce interval value in the port's data set. When a subsequent PT...

JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...

GHSA-QJX8-664M-686J JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

Summary js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property, so the for…in enumerates it and the targetkey = sourcekey write triggers the...

GHSA-Q2F7-M237-V562 @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators

Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...

@hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators

Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...

nimiq-blockchain: Genesis batch set request

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates backwards through macro blocks using Policy::macroblockbefore. When it reaches the genesis block number, macroblockbefore panics...

GHSA-VGHX-352F-93JM nimiq-blockchain: Genesis batch set request

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates backwards through macro blocks using Policy::macroblockbefore. When it reaches the genesis block number, macroblockbefore panics...

CVE-2026-39461

libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...

PT-2026-42671

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path

The Qualys Threat Research Unit TRU has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's ptracemayaccess function that permits an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed a NULL pointer dereference in amdgpudmi2cxfer. When ddcserviceconstruct is called, it explicitly checks both the link type and whether there is something on the link that will determine whether the pin is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Free the “struct kvmcpuidentry2” array after a post-KVMRUN KVMSETCPUID,2 operation. The “struct kvmcpuidentry2” array is freed only in case of failure after a post-KVMRUN KVMSETCPUID,2 operation. This fixes a memory lea...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: block: Disable the elevator delgendisk. The elevator is only used for file system operations, which are halted during delgendisk. Disabling the elevator and freeing the scheduler tags should be moved to the end of delgendisk,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Do not allow SETID to refer to another table. When performing lookups for sets within the same batch using their IDs, a set from a different table can be utilized. However, when the table is removed, a...

Astra Linux - уязвимость в linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: restore set elements when delete set fails From the abort path, nftmapelemactivate needs to restore refcounters to their original state. Currently, it uses set-ops-walk to iterate over these set elements. The...