Kaseya Virtual System Administrator - Open Redirect

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...

Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.11 contains a heap buffer overflow issue, caused by the derivecollocatedmotionvectors function in the motion.cc file...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: 'intelth': Fixed a resource leak in the error handling path. If an error occurs after calling 'pciallocirqvectors', 'pcifreeirqvectors' must be called, as already done in the remove function...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme-pci: Handling of changes to the device’s DMA map requirements. The initial state of dmaneedsunmap might be false, but it becomes true during the DMA mapping process. Enabling swiotlb can affect the outcome in such cases...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: The function devmaddactionorreset is actually used. The function pciallocirqvectors allocates an interrupt vector. When devmaddaction fails, the interrupt vector is not freed, resulting in a memory leak...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the issue of freeing uninitialized misc IRQ vectors When the VSI setup failed in i40eprobe, as part of the PF switch setup, the driver tried to free misc IRQ vectors in i40eclearinterruptscheme, resulting in a kernel...

Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions...

Important: postgresql

Issue Overview: Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores...

Exploit for CVE-2019-5513

VMware Horizon /broker/xml Vulnerability Scanner !Security...

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

GHSA-PR2W-4GPJ-CPQ4 Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

CVE-2026-41957

An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

CVE-2026-11347

The CVE-2026-11347 entry describes vulnerabilities in the linqi application: hardcoded cryptographic keys and a weak IV-generation mechanism for AES/CBC using a limited ASCII charset. This combination enables known-plaintext attacks and allows an attacker with local access to decrypt obfuscated s...

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

PT-2026-46913

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

Linqi 安全漏洞

Linqi is an English speaking practice platform developed by the German company Linqi. It combines human language interaction with AI-based feedback. Linqi has a security vulnerability, which stems from hard-coded encryption keys and weak algorithms for generating initialization vectors. This allo...

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...