
763 matches found

EUVD
added yesterday, 6 views

EUVD-2026-39484

pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes...

CVSS 8.8, AI score 5.8, EPSS 0.00171
Exploits 0, References 2

CVE
added 2 days ago, 10 views

CVE-2026-55698

pnpm advisory (CVE-2026-55698) affects pnpm by allowing a crafted env lockfile in pnpm-lock.yaml to bypass fresh package-manager resolution and cause installation of bytes selected by the lockfile state. The issue occurs prior to 10.34.2 and 11.5.3, which have fixed the vulnerability. The vulnera...

CVSS 8.8, AI score 6, EPSS 0.00171
Exploits 0, References 1

Positive Technologies
added 2 days ago, 5 views

PT-2026-52523

Name of the Vulnerable Software and Affected Versions: pnpm versions prior to 10.34.2; pnpm versions prior to 11.5.3. Description: pnpm persists package-manager bootstrap metadata within the first YAML document of the pnpm-lock.yaml file. The software trusted previously resolved...

CVSS 8.8, AI score 6, EPSS 0.00171
Exploits 0, References 4

OSV
added 3 days ago, 7 views

CURL-CVE-2026-11856 cross-origin Digest auth state leak

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

AI score 5.9
Exploits 0

AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones. When switching zones or network namespaces without performing a ct clear between them, a reference to the old ct entry is still leaked. This occurs because tcf_ct_skb_nfct_cached...

CVSS 5.5, AI score 6.1, EPSS 0.00246
Exploits 0, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fixed the warning during failed attribute validation. The TCA_MPLS_LABEL attribute is of type NLA_U32, but its validation type is NLA_VALIDATE_FUNCTION. This is an invalid combination according to the comment above...

CVSS 7.8, AI score 6.1, EPSS 0.00248
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fixed the dead loop in MPLS parsing. An unexpected MPLS packet may not end with the bottom label stack. When there are multiple stacks, the label count value wraps around. This can lead to a dead loop, causing a...

CVSS 7.8, AI score 6.2, EPSS 0.00174
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a use-after-free in print_graph_function_flags during tracer switching. Kairui reported a UAF issue in print_graph_function_flags during ftrace stress testing [1]. This issue can be reproduced by putting a ‘mdelay(10)’ after...

CVSS 7.8, AI score 6.2, EPSS 0.00232
Exploits 0, References 2

CVE
added 2026/06/18 7:29 p.m., 21 views

CVE-2026-56099

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read in sys/netmpls/mpls_input.c:mpls_do_error, allowing remote disclosure of kernel stack memory by crafting MPLS frames with 16 labels and no Bottom-of-Stack bit. Affected component is the MPLS input handling path; root cause ...

CVSS 6.9, AI score 5.3, EPSS 0.00356
Exploits 1, References 5

The Hacker News
added 2026/06/09 11:30 a.m., 16 views

The Hidden Security Risk in Modern Networks: The Work Between Tools

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant...

AI score 5.8
Exploits 0

NVD
added 2026/06/08 3:16 p.m., 14 views

CVE-2026-43974

Unexpected Status Code or Return Value vulnerability in ninenines gun gun_http module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gun_http:handle_inform/8, when a 101 Switching Protocols response is received over...

CVSS 8.7, EPSS 0.00381
Exploits 0, References 3

CNNVD
added 2026/06/08 12:00 a.m., 7 views

Gun security vulnerability

Gun is an open-source Erlang HTTP client developed by Nine Nines that supports HTTP/1.1, HTTP/2, and WebSocket. Versions of Gun from 2.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from unexpected status codes or return values in the gun_http module, which could...

CVSS 8.7, AI score 5.3, EPSS 0.00381
Exploits 0, References 2

Positive Technologies
added 2026/06/08 12:00 a.m., 10 views

PT-2026-47300

Name of the Vulnerable Software and Affected Versions: gun versions 2.0.0 through 2.3.x. Description: An issue in the gun_http module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the handle_inform/8 function, t...

CVSS 8.7, AI score 5.6, EPSS 0.00381
Exploits 0, References 6

OSV
added 2026/05/27 2:17 p.m., 5 views

UBUNTU-CVE-2026-45911

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume. If the role changes while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

CVSS 5.5, AI score 5.7, EPSS 0.00156
Exploits 0, References 3

Cvelist
added 2026/05/27 12:17 p.m., 36 views

CVE-2026-45911 usb: cdns3: fix role switching during resume

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume. If the role changes while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

EPSS 0.00156
Exploits 0, References 7

Debian CVE
added 2026/05/27 12:17 p.m., 8 views

CVE-2026-45911

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume. If the role changes while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. T...

CVSS 5.5, AI score 5.7, EPSS 0.00156
Exploits 0

UbuntuCve
added 2026/05/27 12:00 a.m., 5 views

CVE-2026-45911

usb: cdns3: fix role switching during resume...

AI score 5.8, EPSS 0.00156
Exploits 0, References 2

Positive Technologies
added 2026/05/27 12:00 a.m., 11 views

PT-2026-43778

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A NULL pointer dereference occurs in the cdns3 driver when a role switch to host mode happens during the system resume process. The start operation of the host role registers an xhci-hcd...

AI score 5.4, EPSS 0.00156
Exploits 0, References 16

CNNVD
added 2026/05/21 12:00 a.m., 8 views

Netatalk race condition vulnerability

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.2.5 to 4.4.2 of Netatalk contained a race condition vulnerability. This vulnerability stemmed from a race condition in t...

CVSS 4.5, AI score 5.8, EPSS 0.00065
Exploits 0, References 2

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in postgresql-11

Row security policies ignore changes to user IDs after inline operations. PostgreSQL may allow incorrect policies to be applied in certain cases where role-specific policies are used, and where a given query is planned to be executed under one role and then executed under another role. This...

CVSS 5.4, AI score 6.7, EPSS 0.00694
Exploits 0, References 2