PT-2026-37032

Name of the Vulnerable Software and Affected Versions Traccar versions 6.11.1 through 6.12.x Description The CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. This allows an attacker to inject spreadshee...

PT-2026-37281

Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...

Redis 安全漏洞

Redis is an open-source database developed by Redis Technologies in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. Versions of Redis 8.6.3 and earlier contained...

CVE-2026-5109

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

Astra Linux – Vulnerability in imagemagick

There are several memory leaks in the MIFF coder located at /coders/miff.c, due to improper image depth values. These leaks can be triggered by a specially crafted input file. These issues could potentially affect the availability of the application or cause a denial of service. It was initially...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: ptrace: Fixed SVE writes on !SME systems When SVE is supported but SME is not supported, a ptrace write to NTARMSVE regset can place the tracee into an invalid state. In this state, non-streaming SVE register data i...

Astra Linux – Vulnerability in LibreOffice

The Document Foundation LibreOffice has a vulnerability where environmental variables and arbitrary INI file values may be exposed to unauthorized actors. URLs can be created that expand environmental variables or INI file values, allowing potentially sensitive information to be exfiltrated to a...

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, as well as 10.0.0 and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e., q parameters, the server may enter a Denial-of-Service DoS state due to high CPU usage in processing...

Astra Linux – Vulnerability in OpenLDAP

A flaw was discovered in OpenLDAP before version 2.4.57, which led to a crash in the slapd process during control handling of the Values Return Filter. This caused a denial of service attack, involving double-free operations and out-of-bounds reads...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmbtreeremove: Assign newroot only when the removal succeeds. The removeraw function in dmbtreeremove may fail due to IO read errors e.g., failure to read the content of the origin block during shadowing. Additionally, the value ...

Astra Linux – Vulnerability in Tiff

A vulnerability was discovered in the libtiff library. This flaw causes a heap buffer overflow issue due to the TIFFTAGINKNAMES and TIFFTAGNUMBEROFINKS values...

Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in the Linux kernel before version 6.3.4. ksmbd has a buffer overflow vulnerability in the smb2findcontextvals function, when the namelen of createcontext is larger than the length of the tag...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in jfsreaddir. The stbl might contain some invalid values. A check was added to return an error code in such cases...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix in setting the fpc register The function kvmarchvcpuioctlsetfpu allows setting the floating-point control fpc register of a guest CPU. The new value is tested for validity by temporarily loading it into the fpc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fixed the return value of createinformatblob createinformatblob is supposed to return a valid pointer or an error; it should never return NULL. The caller will dereference the blob if there is no error, and thus will...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5640 – Fixed invalid quirk input mapping. When an invalid value is passed via the quirk option, currently, the bytcrrt5640 driver only displays an error message but leaves the system unchanged. This may lead t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fixed the 32-bit overflow issue. The value of timercycleus can be 0 due to 32-bit overflow. For example, if we assign the counter value “0xfff” for computing maxval. This patch fixes this issue by appending...

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The values and valueslist methods on models with a JSONField are vulnerable to SQL injection when column aliases are used, due to a crafted JSON object key being passed as an argument...

Astra Linux – Vulnerability in Mariadb 10.3

SaveWindowFunctionValues in MariaDB before 10.6.3 can cause an application to crash due to incorrect handling of withWindowFunc=true for a subquery...