OESA-2026-1130 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended...
iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
...
CVE-2025-70890
A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim's browser when the...
CVE-2025-70892
Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint...
CVE-2025-70891
A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000566)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000566 advisory. Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service memory consumption...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004367)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004367 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times device_add shall not be calle...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004406)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004406 advisory. In the Linux kernel 5.4.0-rc2, there is a use-after-free read in the __blk_add_trace function in kernel/trace/blktrace.c which is used to fill out a blk_io_trace structure...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001418)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001418 advisory. nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers with access to t...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003934)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003934 advisory. An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003605)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003605 advisory. In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004166)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004166 advisory. A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000659)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000659 advisory. The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local user...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001268 advisory. The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003665)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003665 advisory. A memory leak in the unittest_data_add function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service memory...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000933)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000933 advisory. The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a deni...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000723)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000723 advisory. The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service NULL pointer dereference and system cra...