GHSA-RXF6-WJH4-JFJ6 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

GHSA-3G33-6VG6-27M8 Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger

Summary The Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers svc/router, port 8888, so...

Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger

Summary The Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers svc/router, port 8888, so...

PT-2026-42685

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The Fission router registers internal routes '/fission-function/' and '/fission-function//' for every function object, regardless of whether an HTTPTrigger exists. Because these routes are mounted o...

PT-2026-42589

Summary The Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers svc/router, port 8888, so...

MAL-2026-4194 Malicious code in libhmac (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccbd481dd2bd04274c5045995a08ddbcf302780c24f39eb63821d5d63a998d1 The PyPI name 'libhmac' matches the well-known libyal/libhmac C forensics library HMAC primitive, but the package contents have nothing to do with HM...

CVE-2026-44608

Summary: NLnet Labs Unbound versions 1.14.0–1.25.0 contain a locking inconsistency in RPZ handling that can cause a heap use-after-free and crash under specific multi-threaded conditions when an RPZ XFR reload occurs and an RPZ zone is loaded with rpz-nsip or rpz-nsdname triggers. An attacker wou...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: TCP: Fixed corruption in MPTCP’s DSS due to large PMTU transmissions. Syzkaller was able to trigger DSS corruption: TCP: requestsocksubflowv4: Possible SYN flooding on port :::20002. Sending cookies. ———————— Cut here ———...

Astra Linux - уязвимость в systemd

A issue was discovered in buttonopen in the login/logind-button.c file in systemd before version 243. When executing the udevadm trigger command, a memory leak may occur...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Resets queuepriorityhint when parking Originally, with strict order execution, we could only complete execution when the queue was empty. Preempt-to-busy allows for replacing an active request that may complete befor...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint, the netlink PM traverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91adc: fixed a possible memory leak in at91adcallocatetrigger If iiotriggerregister returns an error, it should call iiotriggerfree to release the reference held by iiotriggeralloc, so that it can call iiotrigrelease ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fixed a use-after-free in epremovewaitqueue If a non-root cgroup is removed while there is a thread that registered a trigger and is polling on a pressure file within the cgroup, the polling waitqueue will be freed in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status as a bitmask carrying the received sub-options, with additional information carried in several bitfields for each suboption. Zeroing the bitma...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: nfsd: Call cacheput if xdrreservespace returns NULL If there is not enough buffer space available, but idmaplookup triggers lookupfn, which calls cacheget and returns successfully. In this case, we fail to call cacheput, which is...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irqwork has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irqworkrunli...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Blocking calls to interrupt handlers without triggering them The trigger pointer of the vfiofslmcirqy object is initially NULL, and it may become NULL if the user sets the trigger parameter of eventfd to -1. The...

Astra Linux - уязвимость в runc-app

Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, an attacker can trick runc into binding /dev/pts/$n to /dev/console. Normally, these paths are made read-onl...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix a possible memory leak in iiosysfsTrigInit The devsetname function allocates memory for the device name. This memory needs to be freed when deviceadd fails. After calling putdevice, the reference held by...

MAL-2026-4560 Malicious code in fca-official-uzair-rajput (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83c96ed99bb1a48e80228ec0ca012c1dbb7817fe1dbbd492fcb3d2927805f29e fca-official-uzair-rajput is a Facebook chat API library whose only documented entry point, login, invokes an auto-update routine on every call when...