Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011234)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011234 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010800 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the...

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

CVE-2026-6284

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...

EUVD-2026-23917

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability in IDRAC. A high privileged attacker with local access could...

EUVD-2026-23859

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux

Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...

EUVD-2026-23785

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

PT-2026-33815

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...

PT-2026-33840

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.7.0.0 of Dell PowerProtect Data Domain Dell PowerProtect DD, as wel...

EyouCMS 安全漏洞

EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.1 and earlier have security vulnerabilities. These vulnerabilities stem from the handling of the filename parameter in the file...

Exploit for CVE-2026-4484

CVE-2026-4484 Masteriyo LMS = 2.1.6 - Missing Authorizatio...

CVE-2026-27144 vulnerabilities

Vulnerabilities for packages: wireguard-go, redpanda, secrets-store-csi-driver-provider-azure, mattermost, newrelic-nri-statsd, hey, kubernetes-csi-external-attacher, gitlab-kas, nri-mssql, opentelemetry-operator, gatekeeper, coredns, knative-serving, vault-env, kube-arangodb, redka, nats-top,...

CVE-2026-27143 vulnerabilities

Vulnerabilities for packages: wireguard-go, redpanda, secrets-store-csi-driver-provider-azure, mattermost, newrelic-nri-statsd, hey, kubernetes-csi-external-attacher, gitlab-kas, nri-mssql, opentelemetry-operator, gatekeeper, coredns, knative-serving, vault-env, kube-arangodb, redka, nats-top,...

GHSA-CQRX-3M42-5P5W vulnerabilities

Vulnerabilities for packages: wireguard-go, redpanda, secrets-store-csi-driver-provider-azure, mattermost, newrelic-nri-statsd, hey, kubernetes-csi-external-attacher, gitlab-kas, nri-mssql, opentelemetry-operator, gatekeeper, coredns, knative-serving, vault-env, kube-arangodb, redka, nats-top,...

GHSA-CFP9-33RC-J74F vulnerabilities

Vulnerabilities for packages: wireguard-go, redpanda, secrets-store-csi-driver-provider-azure, mattermost, newrelic-nri-statsd, hey, kubernetes-csi-external-attacher, gitlab-kas, nri-mssql, opentelemetry-operator, gatekeeper, coredns, knative-serving, vault-env, kube-arangodb, redka, nats-top,...

CVE-2026-27144 vulnerabilities

Vulnerabilities for packages: kubescape-operator-fips, datadog-agent, commercial-chainloop-backend, loki, aws-flb-firehose-fips, http-echo, atlantis, azurefile-csi-fips, crossplane-function-auto-ready-fips, xcover, kubescape-server, dapr, grafana, knative-serving-fips, nri-f5, flux-fips,...

GHSA-CFP9-33RC-J74F vulnerabilities

Vulnerabilities for packages: kubescape-operator-fips, datadog-agent, commercial-chainloop-backend, loki, aws-flb-firehose-fips, http-echo, atlantis, azurefile-csi-fips, crossplane-function-auto-ready-fips, xcover, kubescape-server, dapr, grafana, knative-serving-fips, nri-f5, flux-fips,...