Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Use variable length arrays instead of fixed-size ones. The issue with the “smatch warning” should be fixed: Error in ntfssetlabel: builtinmemcpy’s ‘uni-name’ is too small 20 vs 256...

Astra Linux - уязвимость в mariadb-10.3

MariaDB version 10.5.9 allows a SetVar.cc application to crash due to certain uses of the UPDATE statement in conjunction with a nested subquery...

MAL-2026-4608 Malicious code in mcp-server-iehub-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba03746ec3542dbe6ea365d04c04a7b9ac1366a547da3a6e7bc146900ad67a51 proxy.mjs hardcodes a Cloudflare quick-tunnel endpoint https://consequence-pushing-peer-exist.trycloudflare.com and uses fetch... POST... with...

ALPINE-CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

DEBIAN-CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVE-2026-8627

The Correct Prices plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in versions up to and including 1.0. This is due to the correctpricespage function echoing $SERVER'PHPSELF' into a form's action attribute without any input sanitization or...

CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

MAL-2026-4406 Malicious code in @mcpassure/mcp-anvisa-bulario (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e846cabb7b5077244737d7a465e944ebe7635db46cc55e7e5736eeda47d30938 dist/bootstrap.js references a hardcoded URL on pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev — an anonymous Cloudflare R2 bucket — and calls fetch...

MAL-2026-4427 Malicious code in @rocketreach/rr-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1c16148ad4c13ad5d5cbfe951d9ca934a0912ab5ad75c3b4afee19be86172fa On npm install, both preinstall and postinstall lifecycle hooks execute postinstall.js, which collects host identifiers hostname, platform, arch, OS...

WordPress plugin Correct Prices 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

WordPress plugin LJ comments import: reloaded 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-42084

Name of the Vulnerable Software and Affected Versions Correct Prices versions prior to 1.1 Description The Correct Prices plugin for WordPress is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing an...

Linux Distros Unpatched Vulnerability : CVE-2026-27851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be...

CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

CVE-2026-47092

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...

libssh: Use of uninitialized variable in privatekey_from_file()

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

RHEL 9 : libssh (RHSA-2026:18683)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18683 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

@join-com/jest-matchers (>=1.0.0 <=1.0.1), jest-expect (=0.0.1) +1 more potentially affected by unknown CVE via fixed-round (=1.0.2)

fixed-round NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on fixed-round and may be impacted: - @join-com/jest-matchers =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4134...