
12931 matches found

AstraLinux
• added 2026/05/20 5:53 a.m. • 4 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: The xid leak in cifs_copy_file_range has been fixed. If the file is used by swap, before returning -EOPNOTSUPP, the xid should be freed. Otherwise, the xid will be leaked...

AI score: 5.8 | EPSS: 0.00028
Exploits: 0 | References: 1
AstraLinux
• added 2026/05/20 5:53 a.m. • 1 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fixed a possible out-of-bounds string access issue. Enabling -Wstringop-overflow globally exposes a warning for a common bug in the use of strncat. drivers/edac/thunderx_edac.c: In the function...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00013
Exploits: 0 | References: 2
ATTACKERKB
• added 2026/05/20 5:45 a.m. • 5 views

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00085
Exploits: 0 | References: 4
CVE
• added 2026/05/20 1:25 a.m. • 10 views

CVE-2026-8627

The CVE-2026-8627 entry affects the WordPress plugin Correct Prices (

CVSS: 6.1 | AI score: 6 | EPSS: 0.0008
Exploits: 0 | References: 2
GithubExploit
• added 2026/05/20 1:12 a.m. • 80 views

Exploit for Command Injection in Litellm

CVE-2026-42271 — LiteLLM Authenticated Command Injection via M...

CVSS: 8.8 | AI score: 6 | EPSS: 0.04116
Exploits: 1
OSV
• added 2026/05/20 12:39 a.m. • 3 views

MAL-2026-4406 Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

AI score: 5.9
Exploits: 0 | References: 10
Redos
• added 2026/05/20 12:00 a.m. • 4 views

ROS-20260520-73-0056

Vulnerability in chromium related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS: 9.6 | AI score: 6.2 | EPSS: 0.0004
Exploits: 0
Tenable Nessus
• added 2026/05/20 12:00 a.m. • 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-42006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this,...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00034
Exploits: 1 | References: 3
Redos
• added 2026/05/20 12:00 a.m. • 5 views

ROS-20260520-73-0039

A vulnerability in the FedCM component of the Google Chrome browser is related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted HTML page...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00065
Exploits: 0
Positive Technologies
• added 2026/05/20 12:00 a.m. • 8 views

PT-2026-42202

The ocaml-TLS 1.3 client does not validate the KeyUsage and ExtendedKeyUsage extensions of the server certificate. This can lead to impersonation with a certificate issued to a client. Scenario Every employee at a major bank carries a smart card. The card holds a clientAuth certificate issued by...

CVSS: 7.4 | AI score: 5.8
Exploits: 1 | References: 1
Positive Technologies
• added 2026/05/20 12:00 a.m. • 8 views

PT-2026-42057

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00063
Exploits: 0 | References: 11
Tenable Nessus
• added 2026/05/20 12:00 a.m. • 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021625 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find The per-netns IP tunnel hash tab...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00016
Exploits: 0 | References: 3
UbuntuCve
• added 2026/05/20 12:00 a.m. • 6 views

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVSS: 3.7 | AI score: 5.8 | EPSS: 0.00043
Exploits: 0 | References: 2
Positive Technologies
• added 2026/05/20 12:00 a.m. • 7 views

PT-2026-42203

The TLS server implementation does not validate the KeyUsage and ExtendedKeyUsage extensions of client certificates when mutually authenticated TLS is requested. This can lead to impersonation with a certificate issued to a server. Scenario An operations engineer enables mTLS on the admin endpoin...

CVSS: 7.4 | AI score: 5.8
Exploits: 0 | References: 1
Redos
• added 2026/05/20 12:00 a.m. • 6 views

ROS-20260520-73-0038

A vulnerability in the WebGPU component of the Google Chrome browser is related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted HTML page...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00048
Exploits: 0
Redos
• added 2026/05/20 12:00 a.m. • 7 views

ROS-20260520-73-0036

A vulnerability in the Dawn component of the Google Chrome browser is related to use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to bypass the sandbox protection mechanism using a specially crafted HTML page...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00051
Exploits: 0
Tenable Nessus
• added 2026/05/20 12:00 a.m. • 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021581 advisory. In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on an offset...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00017
Exploits: 0 | References: 4
OSSF Malicious Packages
• added 2026/05/19 9:07 p.m. • 6 views

Malicious code in glass-of-water (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...

AI score: 5.8
Exploits: 0 | References: 2
OSSF Malicious Packages
• added 2026/05/19 5:52 p.m. • 7 views

Malicious code in corelia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...

AI score: 6
Exploits: 0 | References: 2
NVD
• added 2026/05/19 5:16 p.m. • 9 views

CVE-2026-5511

In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...

CVSS: 4.6 | EPSS: 0.0003
Exploits: 0 | References: 2