1665 matches found
PT-2026-42455
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue in the accel/ivpu component allows the re-exporting of imported GEM Graphics Execution Manager objects. This occurs because the system fails to verify if a buffer is imported...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP The ptpclocksettime function assumes that every ptpclock has implemented settime64. By using -EOPNOTSUPP as a stub, we prevent a NULL derefrence from occurring. This fix is similar to th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: gve: Implement gettimex64 with -EOPNOTSUPP. At this time, gve has implemented a ptpclock that exclusively uses doAuxWork. ptpClockgettime and ptpSysoffset assume that every ptpclock has implemented either gettimex64 or...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc calls in checkkfunccall. Such calls would be caught by fixupkfunccall if they aren’t eliminated through dead code elimination. However, this can lead ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ice: ptp: do not emit a WARN when controlling PF is unavailable. In VFIO passthrough setups, it is possible to only pass through a PF that does not own the source timer. In such cases, the PTP controlling PF adapter-ctrlpf is nev...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: No longer allows guest users on multi-channel connections. This patch returns STATUSNOTSUPPORTED if the binding session is a guest session...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: added the missing negotiatefeatures operation to the Hyper-V ops table. The commit a7075f501bd3 “ixgbevf: fixed mailbox API compatibility by negotiating supported features” added the.negotiatefeatures callback to...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 5.0, prior to versions 5.0.7 and 4.2, prior to version 4.2.14. The getsupportedlanguagevariant function was susceptible to a denial-of-service attack when used with very long strings containing specific characters...
FreeBSD-SA-26:18.setcred
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:18.setcred Security Advisory The FreeBSD Project Topic: Stack buffer overflow via setcred2 Category: core Module: setcred Announced: 2026-05-20 Credits: Ryan...
Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
CVE-2026-8733
A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and...
MGASA-2026-0143 Updated golang packages fix security vulnerabilities
We are moving to a supported branch as ver. 1.24 reaches EOL. This update comes with the security vulnerabilities fixed in the 1.25 branch. Please see the links for details...
Updated golang packages fix security vulnerabilities
We are moving to a supported branch as ver. 1.24 reaches EOL. This update comes with the security vulnerabilities fixed in the 1.25 branch. Please see the links for details...
Joern 4.0.539
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
PT-2026-41125
Name of the Vulnerable Software and Affected Versions eMagicOne Store Manager versions prior to 1.3.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...
SUSE CVE-2026-43346
In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF adapter-ctrlpf is never...
EUVD-2026-29049
ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...
CVE-2026-6909
ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...
CVE-2026-6909 Reflected XSS in ATutor
ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...
EUVD-2026-28737
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted ...