Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Security issue: Restrict CONFIGZEROCALLUSEDREGS to GCC or Clang version 15.0.6 or later. A bug in Clang’s implementation of -fzero-call-used-regs can lead to NULL pointer dereferencing see the links above the check for more...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

Transmitted requests in Xen’s virtual network protocol can consist of multiple parts. Although none of them are actually useful, except for the initial part, any of these parts can be of zero length, meaning they carry no data at all. Apart from the certain initial portion of the data to be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: kvaserusb: leaf: Fix potential infinite loop in command parsers The functions kvaserusbleafwaitcmd and kvaserusbleafreadbulkcallback contain logic for handling zero-length commands. These commands are used to align data with the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc remained uninitialized. This meant that callers had to explicitly set the fields...

CVE-2026-7705

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...

Exploit for Integer Overflow or Wraparound in Zeromq Libzmq

CVE-2019-6250 — libzmq pre-auth RCE lab !CVEhttps://img.s...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.10.1esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

Edimax BR-6208AC 注入漏洞

The Edimax BR-6208AC is a wireless router produced by Edimax of Taiwan, China. Version 1.02 of the Edimax BR-6208AC has a vulnerability related to injection attacks. This vulnerability stems from the setWAN function in the L2TP Mode component, which processes the L2TPUserName parameter. This coul...

AMTT Hotel Broadband Operation System 注入漏洞

AMTT Hotel Broadband Operation System is a hotel broadband operation system developed by AMTT Corporation. Version 1.0 of the AMTT Hotel Broadband Operation System contains a injection vulnerability. This vulnerability arises from the operation of unknown functions on parameters ID in the file...

PT-2026-36727

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2026-122-03)

The version of mozilla-thunderbird installed on the remote host is prior to 140.10.1esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-122-03 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues...

CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

linux-copy-fail-exploit

CVE-2026-31431 Copy Fail - LPE Exploit PoC !Pythonhttps:...

CVE-2026-7642

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

CVE-2026-7628

A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The...

UBUNTU-CVE-2026-6525

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

CVE-2026-7628

The CVE-2026-7628 affects crazyrabbitLTC mcp-code-review-server (up to version 0.1.0). The vulnerability is in RepoMix Command Handler’s function executeRepomix (src/repomix.ts), where a manipulation yields command injection. Exploitation can be remote, and public exploit code is available. The i...

RUSTSEC-2026-0127 Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption

In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...

SUSE-SU-2026:21444-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_20

This update for kernel-livepatch-MICRO-6-0-RTUpdate20 fixes the following issues: This is the initial kernel RT livepatch for update 20...

BELL-CVE-2026-43010

Bulletin has no description...