Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013660 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013606 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifssesaddchannel Before return, should free the xid, otherwise, the xid wi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013827)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013827 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: omaphsmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013865)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013865 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013532 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013527)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013527 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in addmissingindices stbl is s8 but it must contain offse...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013682)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013682 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posixtimeradd tries to allocate a posix...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013726 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: meson-gx: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...

PT-2026-34604

Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 3.4.0 Description An inconsistency exists between the handling of FORBID TAGS and FORBID ATTR when a function-based ADD TAGS configuration is used. Specifically, when the EXTRA ELEMENT HANDLING.tagCheck function...

CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API

mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...

CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API

mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013384)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013384 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubifreevolume It willl cause null-ptr-deref in the following...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010869)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010869 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: use smclgrlist.lock to protect smclgrlist.list iterate in smcrportadd While doing...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011179)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011179 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010786)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010786 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore it...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011138)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011138 advisory. In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubifreevolume It willl cause null-ptr-deref in the following...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010807)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010807 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: meson-gx: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011174)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011174 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snictgtcreate Smatch reports a warning as follows:...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006918)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006918 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportportadd In mpt3sastransportportadd,...