CVE-2026-56371

A memory leak flaw was found in ImageMagick. Processing specially crafted TXT files with malicious texture attributes can exhaust system memory, allowing an attacker to cause a Denial of Service DoS. Mitigation If your application does not explicitly require rendering TXT files via ImageMagick, y...

Astra Linux – Vulnerability in cloud-init

In cloud-init through 25.1.2, the systemd socket unit “cloud-init-hotplugd.socket” is included, with a default SocketMode of 0666, allowing world-write permissions. This socket is used for the /run/cloud-init/hook-hotplug-cmd FIFO. A non-privileged user can trigger the hotplug-hook commands...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: xhciplatremove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a “usb: host: xhci-plat: omit shared hcd if either root hub has no ports”, xhci-sharedhcd can be NULL, which causes the following...

Astra Linux – Vulnerability in Systemd

A issue was discovered in buttonopen in the login/logind-button.c file in systemd before version 243. When executing the udevadm trigger command, a memory leak may occur...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a very high value for example, 1073741816 as set by systemd, processes attempting to use file descriptors near the limit may trigger massi...

Astra Linux – Vulnerability in Systemd

Before version 247, systemd does not properly prevent local privilege escalation for certain Sudo configurations. For example, plausible sudoers files may allow the execution of the “systemctl status” command. Specifically, systemd does not set LESSSECURE to 1, allowing other programs to be...

RHSA-2026:25900 Red Hat Security Advisory: systemd security update

Bulletin has no description...

systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with spurious data. In older versions v249 and earlier, this can lead to stack overwriting with attacker-controlled content,...

Moderate: Red Hat Security Advisory: systemd security update

An update for systemd is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 10 : systemd (RHSA-2026:25900)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25900 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...

CVE-2026-54231

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

CVE-2026-54231

CVE-2026-54231 affects ABRT’s post-create event handler scripts in libreport. The event script reads journal entries for the crashed process and writes results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal...

EulerOS Virtualization 2.13.0 : systemd (EulerOS-SA-2026-2419)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...

CVE-2026-45549

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

Malicious code in hex-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...

MAL-2026-5538 Malicious code in hex-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : systemd vulnerabilities (USN-8402-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8402-1 advisory. It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use...

CVE-2026-45549

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...