Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fixed a possible out-of-bounds string access issue. Enabling -Wstringop-overflow globally exposes a warning for a common bug in the use of strncat. drivers/edac/thunderxedac.c: In the function...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: - For partitions: fixed handling of bogus partition tables. Several issues in partition probing have been fixed: - The bailout mechanism for a bad partoffset must use putdevsector, since the previous readpartsector operation...

Astra Linux - уязвимость в yajl

In the yajl-ruby gem version 1.3.0 for Ruby, when a properly crafted JSON file is provided to Yajl::Parser.new.parse, the entire Ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This causes the entire Ruby process to terminate, potentially leading to a denial ...

Astra Linux - уязвимость в binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

PT-2026-42174

Name of the Vulnerable Software and Affected Versions Twig versions prior to 3.26.0 Description When a sandbox is enabled selectively via SourcePolicyInterface rather than globally, a sandboxed template permitted to use template from string and include can render an arbitrary inner template witho...

PhoenixStorybook 安全漏洞

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.2.0 to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the unauthorized conversion of user-provided string parameter...

PT-2026-42173

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The Compiler::string function fails to escape single quotes when generating PHP double-quoted string literals. In ModuleNode::compileConstructor, template names from a % use % tag are processed...

Unity Linux 20.1070e Security Update: mpv (UTSA-2026-021502)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021502 advisory. A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. Tenable has...

Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...

GHSA-M5J3-4634-C2VQ Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive attacker-controlled HTML by priming a shared cache with...

Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

GHSA-24C8-4792-22HX Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString

Summary ArrayFunctions.InsertAt in Scriban allocates index - list.Count null entries in a tight C for loop with no bound on index. The function is exposed to template authors as array.insertat, and the fill loop ignores every existing safety control: LoopLimit, LimitToString, ObjectRecursionLimit...

Scriban: array.insert_at index parameter DoS bypasses LoopLimit and LimitToString

Summary ArrayFunctions.InsertAt in Scriban allocates index - list.Count null entries in a tight C for loop with no bound on index. The function is exposed to template authors as array.insertat, and the fill loop ignores every existing safety control: LoopLimit, LimitToString, ObjectRecursionLimit...

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

glib: Integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

qs: qs: Denial of Service via improper input validation in array parsing

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...

glib: Integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...