193 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the response length checking for UD request packets. According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be considered invalid, and it shall be silently...
minmea security vulnerability
Minmea is a lightweight GPS data parsing library developed by Kosma Moczek. Version 0.3.0 of Minmea contains a security vulnerability. This vulnerability stems from the format specifier used in the minmea_scan function, which copies NMEA field data into the buffer provided by the caller without...
CVE-2026-39462
CVE-2026-39462 affects SenseLive X3050, where the web management interface fails to reliably apply password changes due to backend credential handling. After factory restore with SenseLive Config 2.0, the UI may indicate a successful password update while the system continues to accept previous o...
SAMSUNG Escargot security vulnerability
SAMSUNG Escargot is a memory-optimized JavaScript engine developed by South Korea’s Samsung Corporation. It is suitable for mid-range devices such as smartphones, tablets, and TVs. SAMSUNG Escargot has a security vulnerability that stems from deserializing unreliable data, which can lead to proce...
NVIDIA DALI code issue vulnerability
NVIDIA DALI is a data loading and preprocessing library developed by NVIDIA Corporation in the United States. NVIDIA DALI has code-related vulnerabilities; these vulnerabilities stem from the possibility of deserializing unreliable data, which may lead to the execution of arbitrary code...
ROS-20260407-73-0041
A vulnerability in the TLS traffic proxying mechanism of NGINX Plus and NGINX OSS web servers is related to the loading of external unreliable data along with reliable data. Exploitation of the vulnerability could allow an attacker acting remotely to inject data in plain text form...
FoSAM: Forward Secret Messaging in Ad-Hoc Networks
Apps such as Firechat and Bridgefy have been used during recent protests in Hong Kong and Iran, as they allow communication over ad-hoc wireless networks even when internet access is restricted. However, these apps do not provide sufficient protection as they do not achieve forward secrecy in...
CLIOPATRA: Extracting Private Information from LLM Insights
As AI assistants become widely used, privacy-aware platforms like Anthropic's Clio have been introduced to generate insights from real-world AI use. Clio's privacy protections rely on layering multiple heuristic techniques together, including PII redaction, clustering, filtering, and LLM-based...
Advisory ROSA-SA-2026-3180
Software: perl 5.26.3 OS: ROSA Virtualization 3.0 unaffected versions = perl-5.26.3-423.rv30 affected versions perl-5.26.3-423.rv30 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an...
Advisory ROSA-SA-2026-3160
Software: perl 5.26.3 OS: ROSA Virtualization 3.1 unaffected versions = perl-5.26.3-423.rv31 affected versions perl-5.26.3-423.rv31 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an...
ROS-20260216-73-0005
Vulnerability in unbound related to loading external unreliable data along with reliable data. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...
ROS-20260205-73-0027
A vulnerability in the rseq.c component of the Linux operating system kernel is related to the reliance on unreliable input data to make security decisions. Exploitation of the vulnerability allows an attacker to impact the confidentiality and availability of protected information...
Binary-parser security vulnerability
Binary-parser is a build tool developed by Keichi Takahashi. Versions of Binary-parser prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of unreliable values in parsing field names or encoding parameters, which allowed those values to be directly insert...
Google Chrome: Input validation error vulnerability
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of unreliable inputs during the download process...
Vulnerabilities fixed in Adobe Illustrator
Adobe has fixed vulnerabilities in Adobe Illustrator, specifically for versions 29.8.3, 30.0 and earlier. The vulnerabilities are in the way Adobe Illustrator handles specially crafted files. The first vulnerability involves an Unreliable Search Path issue that can lead to arbitrary code execution...
CVE-2010-0349
Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable...
Exploit for CVE-2025-37164
CVE-2025-37164 A remote code execution issue exists in HPE O...
Jenkins < 2.528.3, 2.541 Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
Synology DiskStation Manager (DSM) Privilege Escalation (Synology-SA-24:27) - Unreliable Remote Version Check
Synology DiskStation Manager (DSM) is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Synology DiskStation Manager (DSM) RCE Vulnerability (Synology-SA-24:20) - Unreliable Remote Version Check
Synology DiskStation Manager (DSM) is prone to a remote code execution (RCE) vulnerability. This VT has been deprecated as a duplicate of the VT SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...