CVE-2026-7729 pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...

Malicious Package

Overview @apple-pay-trust/validate-merchant is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

CVE-2026-7724 PrefectHQ prefect Webhook/Notification validate_restricted_url toctou

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

CVE-2026-7724

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetching the skb context after calling tipcmsgvalidate As shown in the call trace, the original skb was freed during the execution of tipcmsgvalidate. Dereferencing the old skb context would cause a “use-after-free” cras...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: Validates prevcpu in scxbpfselectcpudfl. If a BPF scheduler provides an invalid CPU outside the nrcpuids range as prevcpu to scxbpfselectcpudfl, it may cause a kernel crash. To prevent this, prevcpu is validated in...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm raid: Fixing access issues beyond the end of the raid member array When the dm-raid table is loaded using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is determined by the...

Astra Linux – Vulnerability in libdata-validate-ip-perl

The Data::Validate::IP module in Perl version 0.29 does not properly handle extra zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls that are based on IP addresses...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Do not corrupt interrupt mappings during watchdog probe failures When the driver probe fails due to invalid firmware properties, the GTDT driver unmaps the interrupt that was previously mapped. However, it never check...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe: Do not allow eviction of BOs within the same VM in an array of VM binds An array of VM binds may potentially evict other buffer objects BOs within the same VM under certain conditions, which could lead to NULL pointer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not treat wbconnector as a physical device in createvalidatestreamforsink. Do not attempt to operate on drmwbconnector as an amdgpudmconnector. While dereferencing connector-base may “work”, it is incorrect an...

SUSE CVE-2026-31707

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...

CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...

CVE-2026-31707

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...

EUVD-2026-26516

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...

CVE-2026-31707

The CVE-2026-31707 issue affects the Linux kernel ksmbd component. The overflow vulnerability in ipc_validate_msg() arises from arithmetic on attacker-controlled fields when computing per-response message sizes, allowing wraparound in three cases (RPC_REQUEST, SHARE_CONFIG_REQUEST, LOGIN_REQUEST_...

CVE-2026-31706

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate numaces and harden ACE walk in smbinheritdacl smbinheritdacl trusts the on-disk numaces value from the parent directory's DACL xattr and uses it to size a heap allocation: acesbase = kmallocsizeofstruct smbace...

n8n-mcp's IPv4-mapped IPv6 addresses bypass SSRF protection in validateUrlSync(), enabling full SSRF for SDK embedders

Impact In the SDK embedder path N8NDocumentationMCPServer constructor, getN8nApiClient, and validateInstanceContext, the synchronous URL validator in SSRFProtection.validateUrlSync had no IPv6 checks. IPv4-mapped IPv6 addresses such as http://::ffff:169.254.169.254 bypassed the cloud-metadata,...

Prototype Pollution

Axios is vulnerable to Prototype Pollution. The vulnerability is due to use of the in operator in the mergeDirectKeys strategy for validateStatus, which traverses the prototype chain, allowing a polluted Object.prototype.validateStatus to override behavior and treat all HTTP responses as...