Lucene search

31 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called head_page in the function rb_meta_validate_events. This pointer is not initialized at the beginning of the function. This pointer...

CVSS 5.5 | AI score 5.7 | EPSS 0.00013
Exploits 0 | References 1
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in php7.3

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var function with the FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can cause the code to incorrectly parse the U...

CVSS 5.3 | AI score 6.8 | EPSS 0.00294
Exploits 1 | References 2
Snyk
added 2026/05/08 7:51 p.m., 4 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization via the validatecollectionaccess function. An attacker can obtain sensitive metadata, such as IDs, names, and descriptions of all knowledge bases across users, by sending crafted API...

CVSS 5.3 | AI score 5.8 | EPSS 0.0003
Exploits 1 | References 2
CNNVD
added 2026/05/05 12:0 a.m., 3 views

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from a time-of-check to time-of-use issue in the validateScriptFileForShellBleed function. This could...

CVSS 2.5 | AI score 5.8 | EPSS 0.00011
Exploits 0 | References 1
OSV
added 2026/04/09 10:16 p.m., 0 views

UBUNTU-CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

CVSS 5.3 | AI score 6 | EPSS 0.00046
Exploits 0 | References 3
CVE
added 2026/04/08 1:6 p.m., 8 views

CVE-2026-31411

CVE-2026-31411: Linux kernel ATM signaling path (net/atm) allowed forged user pointers via sendmsg(), leading to potential memory safety risks. A fix adds find_get_vcc() to validate the vcc pointer against the vcc_hash and uses sock_hold() to keep the object alive during processing of signaling o...

CVSS 5.5 | AI score 5.8 | EPSS 0.00027
Exploits 0 | References 8 | Affected Software 1
RedhatCVE
added 2026/03/26 3:10 p.m., 0 views

CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

CVSS 8.4 | AI score 6 | EPSS 0.00018
Exploits 0 | References 1
Vulnrichment
added 2026/03/23 3:50 p.m., 1 views

CVE-2026-32845 jkuhlmann / cgltf <= 1.15 Sparse Accessor Validation Integer Overflow

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

CVSS 8.4 | AI score 6 | EPSS 0.00018
Exploits 0 | References 2
RedhatCVE
added 2026/03/23 10:53 a.m., 3 views

CVE-2026-32710

A flaw was found in MariaDB. An authenticated user can exploit a vulnerability in the JSON_SCHEMA_VALID function, which may lead to a server crash, resulting in a denial of service. Under specific and controlled conditions, this flaw could potentially be leveraged to achieve remote code execution,...

CVSS 8.5 | AI score 6.1 | EPSS 0.00114
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-14439

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.00459
Exploits 0 | References 2
Tenable Nessus
added 2025/10/07 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987031)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987031 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation. The 'TCA_MPLS_LABEL' attribute i...

CVSS 7.8 | AI score 6.1 | EPSS 0.00022
Exploits 0 | References 4
Microsoft CVE
added 2025/10/02 6:11 a.m., 1 views

Incorrect URL validation in FILTER_VALIDATE_URL

...

CVSS 5.3 | AI score 7 | EPSS 0.00294
Exploits 1
Microsoft CVE
added 2025/10/02 6:11 a.m., 1 views

FILTER_VALIDATE_URL accepts URLs with invalid userinfo

...

CVSS 5.3 | AI score 7 | EPSS 0.07003
Exploits 1
Microsoft CVE
added 2025/09/03 9:55 p.m., 1 views

smb: client: fix potential UAF in smb2_is_valid_lease_break()

...

CVSS 7.8 | AI score 7 | EPSS 0.00017
Exploits 0
Positive Technologies
added 2024/11/13 12:0 a.m., 2 views

PT-2024-30283 · Google · Android

Name of the Vulnerable Software and Affected Versions: Google Android versions 12 through 15. Description: The issue is related to a possible persistent denial of service due to resource exhaustion in the validate function of WifiConfigurationUtil.java. This could lead to a local denial of service...

CVSS 6.2 | AI score 6.7 | EPSS 0.00089
Exploits 0 | References 8
Debian CVE
added 2024/08/21 6:10 a.m., 20 views

CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation. The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment abov...

CVSS 7.8 | AI score 5.4 | EPSS 0.00022
Exploits 0
CVE
added 2024/08/21 6:10 a.m., 64 views

CVE-2023-52906

CVE-2023-52906 affects the Linux kernel’s net/sched code (act_mpls). The TCA_MPLS_LABEL attribute is NLA_U32 but uses NLA_POLICY_VALIDATE_FN, causing nla_get_range_unsigned() warnings due to negative min/max values. The fix changes the attribute type to NLA_BINARY and relocates length validation ...

CVSS 7.8 | AI score 6.3 | EPSS 0.00022
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2024/03/02 9:52 p.m., 18 views

CVE-2023-52520 platform/x86: think-lmi: Fix reference leak

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak. If a duplicate attribute is found using kset_find_obj, a reference to that attribute is returned which needs to be disposed accordingly using kobject_put. Move the setting name validation...

AI score 7.5 | EPSS 0.00015
Exploits 0 | References 4
Code423n4
added 2023/10/26 12:0 a.m., 10 views

Deploying a market with a non-ERC20 asset can cause incorrect interaction with asset

Lines of code. Vulnerability details. Impact: The market contract may expect certain ERC20 functions to be present and behave in a specific way. If the asset contract does not adhere to the ERC20 standard, the market may behave unexpectedly, resulting in incorrect token balances, pricing, or other...

AI score 7
Exploits 0
Code423n4
added 2023/06/13 12:0 a.m., 14 views

In LlamaRelativeQuorum, actionApprovalSupply/actionDisapprovalSupply can be changed anytime.

Lines of code. Vulnerability details. Impact: The governance result might be manipulated seriously because the approval/disapproval supplies can be changed anytime by an attacker. Proof of Concept: The LlamaRelativeQuorum uses approval/disapproval thresholds that are specified as percentages of total...

AI score 7.1
Exploits 0