287 matches found
GHSA-XGX4-4H9W-53PV AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle
Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The āsampleā local struct is used to push data to user space from a triggered buffer. However, there is a flaw in this structure regarding the values of temperature...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchipsaradc: fixed information leakage in the triggered buffer. The ādataā local struct is used to push data to user space from a triggered buffer. However, it does not set values for inactive channels, as it only us...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fixed information leakage in triggered buffers. The ābufferā local array is used to push data to user space from a triggered buffer. However, it does not set values for inactive channels, as it only uses...
PT-2026-42105
A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user...
EUVD-2026-30925
Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...
EUVD-2026-28585
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Remove a user-triggerable WARN on nestedsvmloadcr3 succeeding Drop the WARN in svmsetnestedstate on nestedsvmloadcr3 failing as it is trivially easy to trigger from userspace by modifying CPUID after loading CR3. E.g...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: virtioring: Fix data race by tagging eventtriggered as racy for KCSAN syzbot reports a data-race when accessing the eventtriggered, here is the simplified stack when the issue occurred:...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fixed the information leak in the triggered buffer. The data array is allocated using kmalloc, and it is used to push data to user space from the triggered buffer. However, it does not set values...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The ābufferā local array is used to push data to user space from a triggered buffer. However, it does not set an initial value for the single data element, which is a...
Astra Linux - ŃŃŠ·Š²ŠøŠ¼Š¾ŃŃŃ Š² linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...
CVE-2026-34066 nimiq-blockchain: Peer-triggerable panic during history sync
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...
nimiq-blockchain: Peer-triggerable panic during history sync
Impact HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During history sync, a peer can influence the history: &HistoricTransaction input passed into...
CVE-2026-40581
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...
Server-side Request Forgery (SSRF)
Overview openclaw is a š¦ OpenClaw ā Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Interaction-Triggered Navigation. An attacker can access internal resources by triggering browser interactions that bypass normal navigation check...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006693)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006693 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several...
CVE-2026-32937
This CVE affects free5GC CHF prior to v1.2.2, where an out-of-bounds slice access in nchf-convergedcharging RechargePut(...) can be triggered by an authenticated PUT to /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=.... The result is a server-side panic converted to HTTP 500 by Gin, ena...
CVE-2026-1992
The ExactMetrics ā Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...
CVE-2026-1992 ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation
The ExactMetrics ā Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...
PT-2026-24655
šØ CVE-2026-1992 The ExactMetrics ā Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the store settings method in the ExactMetrics Onboarding class accepting a user-supplied triggered by parameter that...