SQL Injection
Overview @nocobase/database is a Affected versions of this package are vulnerable to SQL Injection via the queryParentSQL function. An attacker can execute arbitrary SQL commands, extract sensitive data, modify or delete database records, and potentially cause denial of service by injecting...
GHSA-WRWH-C28M-9JJH @nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call
Summary The checkSQL validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions...
SQL Injection
Overview @nocobase/plugin-collection-sql is a Provides SQL collection template Affected versions of this package are vulnerable to SQL Injection through the update handler in the collection SQL resource. An attacker can submit a malicious sql value while updating a SQL-backed collection and have ...
@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call
Summary The checkSQL validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions...
CVE-2026-31455
A flaw was found in the Linux kernel's XFS file system. During the unmount process, the system attempts to flush data while background cleanup and inode garbage collection (inodegc) operations are still active. This improper synchronization can lead to data integrity issues or system instability, a...
EUVD-2026-24794
In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfs_unmount_flush_inodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...
CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount
In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfs_unmount_flush_inodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013782)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013782 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect...
PT-2026-34610
Name of the Vulnerable Software and Affected Versions @nocobase/plugin-collection-sql versions prior to 2.0.39 Description An issue exists where the checkSQL validation function, designed to block dangerous SQL keywords such as pg_read_file, LOAD_FILE, and dblink, is not applied to the...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xfs_unmount_flush_inodes function. This function does not stop recycling inodes before pushing...
Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apache_exporter: Internal changes to fix build issues with no impact for customers spacecmd: Version 5.1.13-0 Updated translation strings uyuni-tools: Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc#1252548 Ssl Key file...
SUSE-SU-2026:1520-1 Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc#1252548 Ssl Key...
Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version 5.1.13-0 Updated translation strings uyuni-tools: Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc#1252548 Ssl Key file can miss if CA password is blank bsc#1254154 mgrpxy ssh tuning should happen before crypto policies...
Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version 5.1.13-0 Update translation strings uyuni-tools: Version 5.1.26-0 Fix applying PTF with images from RPMs bsc#1252548 Ssl Key file can miss if CA password is blank bsc#1254154 mgrpxy ssh tuning should happen before crypto policies bsc#1254619...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010955)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010955 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013101)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013101 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not ...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011402)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011402 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013132)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013132 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011041)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011041 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not ...