2224 matches found
EUVD-2026-40280
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...
CVE-2026-43724
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination or write kernel memory...
EUVD-2026-39753
Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...
EUVD-2026-39747
Administrator SQL Injection in Popup box = 6.0.1 versions...
EUVD-2026-39743
Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...
CVE-2026-27366
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
EUVD-2026-39362
Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...
CVE-2026-46098 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46098 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45835 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-45840 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
EUVD-2026-11599
OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature...
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fix to avoid panic in f2fsevict inode As syzbot 1 reported as follows: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 --- End trace:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: A potential NULL pointer dereferencing has been fixed in ocfs2setbufferuptodate. During cleanup, if flags do not include OCFS2BHREADAHEAD, it may trigger a NULL pointer dereferencing in the ocfs2setbufferuptodate function,...
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the Web. Due to a bug related to expired pointer references, Squid versions prior to 6.6 were vulnerable to a Denial of Service attack targeting error responses from the Cache Manager. This vulnerability allowed a trusted client to cause a Denial of Service attack by...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: The commit 7ba5ca32fe6e “ALSA: firewire-lib: operate for period elapse event in process context” removed the process context workqueue from amdtpdomainstreampcmpointer and updatepcmpointers, thereby eliminating its overhead. With...
Astra Linux – Vulnerability in Node-Elliptic
The verify function in lib/elliptic/eddsa/index.js within the Elliptic package, as of version 6.5.6 for Node.js, omits the validation of the condition “sig.S.gtesig.eddsa.curve.n || sig.S.isNeg”...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release the hbalock before calling lpfcworkerwakeup. The lpfcworkerwakeup function calls the lpfcworkdone routine, which requires holding the hbalock. Therefore, lpfcworkerwakeup should not be called while holding the...
Astra Linux – Vulnerability in ffmpeg5
Buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code and cause a denial of service DoS via the afdialoguenhance.c:261:5 in the destereo component...