1245 matches found
May 12, 2026—KB5087537 (OS Build 14393.9140)
None None...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Insufficient ui warning of dangerous operations in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
PT-2026-55649
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Insufficient UI warnings regarding dangerous operations allow an unauthorized attacker to perform spoofing over a network. Recommendations At the moment, there is no...
Fedora 44 : cpp-httplib (2026-1b15ac058b)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1b15ac058b advisory. Update to 0.48.0 rhbz2481109 Security fixes - Complete the IP-host certificate identity fix from v0.47.0 for the Mbed TLS and wolfSSL backends. An...
7-Zip <= 26.02 Mark-of-the-Web Bypass (CVE-2026-58052)
The version of 7-Zip installed on the remote Windows host is 26.02 or earlier. It is, therefore, affected by a vulnerability: - 7-Zip for Windows fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier...
GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state
Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...
Malicious code in dt-validator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0dd6dc392ad68861c938e7798773adf5359c835743e711a834d84221b481bdf The package's top-level public API dtvalidator.validate — colocated in all with legitimate helpers validateextension, validatesize, and...
Here’s how Opera’s Paste Protect guards you natively against clipboard attacks
News, Security Here’s how Opera’s Paste Protect guards you natively against clipboard attacks Share July 2nd, 2026 At Opera, user security is a top priority. That’s why today, we are excited to announce that Opera is the first browser to introduce Paste Protect: a native defense measure against...
CVE-2026-53333
A flaw was found in the Linux kernel's memory management mm/mincore. This vulnerability occurs when handling non-swap memory entries, particularly in systems configured without swap. An issue in the mincorepterange function can cause the system to incorrectly report certain memory pages as...
CVE-2026-53284
A flaw was found in the Linux kernel's Btrfs filesystem. A local user performing specific filesystem operations could trigger an error during the writing of dirty extent buffers. This improper handling of the dirty pages I/O tree can prevent unsubmitted records from being cleaned up, leading to...
CVE-2026-53319
A flaw was found in the Linux kernel's block writeback throttling blk-wbt component. The wbtinitenabledefault function used a warning mechanism WARNONONCE for expected failure paths during memory allocation or if writeback throttling was already registered. This could lead to spurious warnings, b...
CVE-2026-58052
7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...
CVE-2026-58052
7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...
Linux Distros Unpatched Vulnerability : CVE-2026-53284
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the...
UBUNTU-CVE-2026-53319
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...
CVE-2026-53284
In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: ipv6: Fixed warnings related to memcpy operations that span multiple fields in the AH output. These warnings occur when extension headers are copied to IPv6 address fields, causing Fortify-string warnings regarding writes...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: validate PHY address before use The ASIX driver reads the PHY address from the USB device via asixreadphyaddr. A malicious or faulty device may return an invalid address = PHYMAXADDR, which causes a warning in...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed the destruction of kthread workers in polling mode. The cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreadDestroyWorker before...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: added srng-lock for ath11khalsrng in monitor mode. ath11khalsrng should be used with srng-lock to protect the srng data. For ath11kdprxmondestprocess and ath11kdpfullmonprocessrx, they use ath11khalsrng multiple...