Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010943)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010943 advisory. In the Linux kernel, the following vulnerability has been resolved: ata: patavia: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007021)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007021 advisory. In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013266 advisory. An issue was discovered in sunxidivsclksetup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derivedname, which...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011181)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011181 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch caused by bad boot loader inode We got a issue as fllows:...

Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot

Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...

PT-2026-36836

Name of the Vulnerable Software and Affected Versions D-Link DIR-600L Hardware Revision A1 Description A hardcoded telnet backdoor exists in the device. At boot, the device starts a telnet daemon via the /bin/telnetd.sh script using the username "Alphanetworks" and a static password "wrgn35 dlwbr...

Spring Office Hours Podcast: S5E13 - Community Potluck

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this Potluck episode, Dan and DaShaun open up the floor to the community, answering your questions on Spring Boot, Spring AI, Spring Security, and whatever else is on your mind. Potluck episodes are shaped...

PT-2026-36837

Name of the Vulnerable Software and Affected Versions D-Link DIR-456U Hardware Revision A1 Description The device contains a hardcoded telnet backdoor. At boot, a telnet daemon is started via the script '/etc/init0.d/S80telnetd.sh' using the username "Alphanetworks" and a static password "whdrv01...

PT-2026-36835

Name of the Vulnerable Software and Affected Versions D-Link DIR-600L Hardware Revision B1 Description A hardcoded telnet backdoor exists where the device starts a telnet daemon at boot via the /bin/telnetd.sh script. The system uses a static username "Alphanetworks" and password "wrgn61 dlwbr...

April 19, 2026—KB5091573 (OS Build 17763.8647) Out-of-band

April 19, 2026—KB5091573 OS Build 17763.8647 Out-of-band Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices...

April 19, 2026—KB5091575 (OS Build 20348.5024) Out-of-band

April 19, 2026—KB5091575 OS Build 20348.5024 Out-of-band ​​​​​​​Announcements and messages This section provides key notifications related to this release, including announcements, change logs, and end-of-support notices. Windows Secure Boot certificate expiration Windows Secure Boot certificate...

April 19, 2026—KB5091572 (OS Build 14393.9062) Out-of-band

April 19, 2026—KB5091572 OS Build 14393.9062 Out-of-band Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices...

CVE-2026-6507

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY Bootstrap Protocol Reply packet to a dnsmasq server configured with the --dhcp-split-relay option. This can lead to memory corruption, causing the dnsmasq...

DeerFlow 安全漏洞

DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. DeerFlow has a security vulnerability, which stems from the bypass of agent name validation during the creation of custom agents in boot mode. This vulnerability may lead...

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability that stems from out-of-bounds writing when processing specially crafted BOOTREPLY packets. This vulnerability may lead to memory corruption and denial-of-service attacks...

PT-2026-33448

Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description A remote attacker can trigger an out-of-bounds write by sending a specially crafted BOOTREPLY Bootstrap Protocol Reply packet to a server configured with the --dhcp-split-relay option. This...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007552)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007552 advisory. In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix usecount leakage when handling boot-on I found a usecount leakage towards...

SUSE SLES12 Security Update : shim (SUSE-SU-2026:1414-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1414-1 advisory. shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test...

poc

poc Collection of my PoC's for various vulnerabilities. L...

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...