Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng – ensure the buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. The qcomrngread function may...

CVE-2026-6229 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

CVE-2026-6229 Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter

The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057. This is due to insufficient validation of user-supplied URLs in the rendercsvdata function, which can be bypassed by including 'docs.google.com/spreadsheets' in...

CVE-2026-5109

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

CVE-2026-5109

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

CLSA-2026-1777481673 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of value-passing structures in the vidtvtsnullwriteinto and vidtvtspcrwriteinto functions...

open-amp 输入验证错误漏洞

open-amp is an OpenAMP open source framework that supports communication and lifecycle management between heterogeneous multi-core processors. An input validation error vulnerability exists in open-amp version v2025.10.0, which stems from an integer overflow in the ELF loader during firmware imag...

Micro XRCE-DDS Agent 安全漏洞

Micro XRCE-DDS Agent is an eProsima open source proxy bridging tool for resource constrained devices to communicate with the DDS world. A security vulnerability exists in Micro XRCE-DDS Agent version 3.0.1 that stems from improper handling of non-valid values in Boolean fields, which could lead t...

CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

EUVD-2026-26693

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

CVE-2026-37540

OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elfloader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems STM32MP1, Zynq, i.MX, large values can...

GitHub Enterprise 3.x < 3.14.25 / 3.15.x < 3.15.20 / 3.16.x < 3.16.16 / 3.17.x < 3.17.13 / 3.18.x < 3.18.7 / 3.19.x < 3.19.4 RCE (CVE-2026-3854)

The version of GitHub Enterprise installed on the remote host is affected by a remote code execution vulnerability: - An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote...

GHSA-Q7R4-HC83-HF2Q Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)

Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...

Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)

Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...

Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap

Exploit Title: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap Date: 2026-02-23 Exploit Author: nu11secur1ty Vendor Homepage: https://www.google.com/chrome/ Software Link: https://www.google.com/chrome/ Version: Chrome = 144.x | Chrome 145.0.7632.75 Tested on: Windows 11 / Linux / macOS CVE...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WAV file processing path when the multiplication of samplesperblock and blocks exceeds the maximum value for a 32-bit integer, resulting in an integer overflow before assignment to a 64-bit variable...

CLSA-2026-1777480298 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

JLSEC-2026-301

HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5toolsstrsprint in tools/lib/h5toolsstr.c called from h5toolsdumpsimpledata in tools/lib/h5toolsdump.c...