1693 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Preventing memory corruption due to DMA mapping failures If msdcpreparedata fails to map the DMA region, the request is not prepared for data reception. However, msdcstartdata proceeds with the DMA operation using the...
Astra Linux – Vulnerability in Firefox
A stop condition for the iterator was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. This vulnerability affects Firefox versions less than 12...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In usbnet, there was a flaw where unregisternetdev was called before -unbind. The commit with the commit ID 2c9d6c2b871d “usbnet: run unbind before unregisternetdev” was intended to fix a use-after-free issue when disconnecting U...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: – In ext4, there’s a issue where the timer used after free is corrupted upon a failed mount. Syzbot has identified an ODEBUG bug in the ext4fillsuper function. The deltimersync function cancels the serrreport timer, which...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: kunit: Fixed the kthread reference issue. There is a race condition that occurs when a kthread completes its operation after the deadline but before the call to kthreadstop. This may lead to objects being used after they have bee...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: The napisynchronize function was removed from igbdown. When an AFXDP zero-copy application terminates abruptly e.g., using kill -9, the XSK buffer pool is destroyed, but NAPI polling continues. The igbcleanrxirqzc functio...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘media: iris’: Add a sanity check for stopping streaming.” This change is reflected in the commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. The check that previously skipped “stopstreaming” when the instance was in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ipa: fixed the field masks for the GENERICCMD register for IPA v5.0+. The field masks have been adjusted to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably, this fixes a warning that ...
PT-2026-50829
Name of the Vulnerable Software and Affected Versions Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP affected versions not specified Description An Expected Behavior Violation allows a remote attacker to cause a denial-of-service DoS condition. By continuously...
CVE-2026-48876
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
CVE-2026-48876 WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
EUVD-2026-36853
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
CVE-2026-48876
CVE-2026-48876 is an unauthenticated XSS in the WordPress Stop Spammers plugin (versions
PT-2026-49483
Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...
CVE-2026-41662
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...
CVE-2026-5741
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stopcontainer/removecontainer/pullimage of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...
CVE-2026-42276
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/chatsessionid endpoint lets any authenticated user stop any other user's active chat session. The endpoint checks authentication but never verifies the session belongs to the caller. An...
CVE-2026-39848
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop= or...
CVE-2026-45399
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...
PT-2026-46327
Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...