5771 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Annotate the data races around slave-lastrx. slave-lastrx and slave-targetlastarprx... can be read and written without locking. Add READONCE and WRITEONCE annotations. syzbot reported: BUG: KCSAN: Data race in...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: target: The ttaskcdb pointer is reset in the error case. If the allocation of cmd-ttaskcdb fails, it remains NULL, but it is later referenced in the ‘err’ path. In case of an error, the NULL ttaskcdb value is reset to point...
OESA-2026-2702 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...
OESA-2026-2701 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...
OESA-2026-2700 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...
CVE-2026-55568
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPTPROXYUSERPW...
MAL-2026-6317 Malicious code in ts-bn-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...
CVE-2026-56694
NanoClaw
DEBIAN-CVE-2026-44889
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...
CVE-2026-44889
WebOb (HTTP request/response utilities) is affected prior to version 1.8.10 by an open redirect in Location header normalization during redirects. The vulnerability arises from how WebOb uses urljoin/urlsplit to combine the redirect target with the request URL; since Python 3.10, urlsplit strips ...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
CVE-2026-8823
Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
Joplin Plugin Persistence
This module installs a malicious Joplin plugin .jpl into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is launched, providing persistent code execution. Joplin can not be running at the time of plugin installation, or it will be overwriten at shutdown. The...
CVE-2026-9143
There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...
Astra Linux – Vulnerability in Linux
In the drivers/target/targetcorexcopy.c file within the Linux kernel, prior to version 5.10.7, insufficient identifier checking in the LIO SCSI target code could be exploited by remote attackers to read or write files through directory traversal in an XCOPY request, known as CID-2896c93811e3. For...
PT-2026-51047
Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...
Oracle Enterprise Manager Cloud Control (June 2026 CSPU)
The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Target...
CVE-2026-8811
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...
CVE-2026-8811 Path traversal in PDF generation module
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...