4531 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Zoned – Initialize the device’s zone info for seeding When performing seeding on a zoned filesystem, it is necessary to initialize the btrfszoneddeviceinfo structure of each zoned device. Otherwise, mounting the filesystem...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Added a null pointer check to pszkmsgread. The kasprintf function returns a pointer to dynamically allocated memory, which may be NULL in case of failure. Ensure that the allocation was successful by checking the...
Astra Linux – Vulnerability in Golang-1.19, Golang-1.23
The matching of hosts against proxy patterns may improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to “.example.com”, a request to “::1%25.example.com:80” will be incorrectly matched and not be proxied...
Astra Linux – Vulnerability in Golang-1.19, Golang-1.23
A certificate with a URI that has an IPv6 address and a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not allowed in web PKIs; therefore, this only affects users of private PKIs that use URIs...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: Avoid scanning potential huge holes. When using devmrequestfreememregion and devmmemremappages to add ZONEDEVICE memory, if the end PFN of the requested free memory region is huge e.g., 0x400000000, then nodeendpfn...
SUSE-SU-2026:2467-1 Security update for amazon-ssm-agent
This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239342. - CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs bsc1238702. ...
PT-2026-51061
Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.6.0 Description The Konnected integration registers an HTTP endpoint 'KonnectedView' located in homeassistant/components/konnected/ init .py that is configured to not require authentication. While write...
EUVD-2026-37601
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
EUVD-2026-37599
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
EUVD-2026-37598
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...
CVE-2026-40749
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
CVE-2026-40746
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...
CVE-2026-40747
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
CVE-2025-69139
Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...
CVE-2026-40749 WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
CVE-2026-40749
The CVE covers the WordPress Charity Zone theme (versions <= 1.1.1) with a Subscriber Arbitrary File Upload vulnerability. The underlying issue enables arbitrary files to be uploaded due to insecure handling in Charity Zone
CVE-2026-40747 WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
CVE-2026-40747
CVE-2026-40747 affects the WordPress Ecommerce Zone theme (versions <= 0.9.7) and is an Arbitrary File Upload vulnerability. The connected documents confirm a subscriber Arbitrary File Upload issue in Ecommerce Zone
CVE-2026-40746 WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...
CVE-2026-40746
The CVE-2026-40746 entry concerns WordPress Theme Restaurant Zone (versions