19139 matches found

NVD
added 2026/01/16 9:15 a.m., 6 views

CVE-2025-12006

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F. An attacker can update the system firmware with a specially crafted image...

7.2 CVSS, 0.00277 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/01/16 8:39 a.m., 4 views

CVE-2025-12007 Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image...

6.5 AI score, 0.0012 EPSS
Exploits: 0, References: 1

CVE
added 2026/01/16 8:39 a.m., 17 views

CVE-2025-12007

CVE-2025-12007 affects Supermicro BMC firmware validation logic on the MBD-X13SEM-F board. The vulnerability enables an attacker to update system firmware using a specially crafted image due to flawed BMC firmware verification. Impact is aligned with a high-severity CVSS vector (local, low comple...

8.4 CVSS, 6.5 AI score, 0.0012 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/01/16 12:24 a.m., 13 views

CVE-2025-67078

Cross-site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...

6.1 CVSS, 6.8 AI score, 0.00183 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001579 advisory. A flaw use-after-free in function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way user calls ioctl UFFDIO_REGISTER or other way triggers race...

7 CVSS, 6.4 AI score, 0.00373 EPSS
Exploits: 1, References: 4

CNNVD
added 2026/01/16 12:0 a.m., 5 views

SuperMicro MBD-X12STW security vulnerabilities

The SuperMicro MBD-X12STW is a server motherboard produced by the American company SuperMicro. The MBD-X12STW has a security vulnerability, which stems from issues with the BMC firmware verification logic. This vulnerability could allow attackers to use customized image updates to update the syst...

7.2 CVSS, 5.8 AI score, 0.00277 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003720 advisory. An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev fails in hci_uart_set_proto in...

7 CVSS, 6.7 AI score, 0.00668 EPSS
Exploits: 0, References: 12

Tenable Nessus
added 2026/01/16 12:0 a.m., 5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003950)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003950 advisory. An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev fails in hci_uart_set_proto in...

7 CVSS, 6.7 AI score, 0.00668 EPSS
Exploits: 0, References: 12

Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001481 advisory. A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the...

7 CVSS, 6.4 AI score, 0.00431 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004785 advisory. A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN...

5.5 CVSS, 6.7 AI score, 0.002 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1060e Security Update: kernel (UTSA-2026-004778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004778 advisory. The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker...

7.8 CVSS, 7 AI score, 0.00288 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004363)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004363 advisory. A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN...

5.5 CVSS, 6.7 AI score, 0.002 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001596 advisory. A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact...

6.4 CVSS, 7.1 AI score, 0.00227 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001335)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001335 advisory. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by t...

8.8 CVSS, 6.5 AI score, 0.00413 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003825)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003825 advisory. An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is...

7.1 CVSS, 6.5 AI score, 0.00731 EPSS
Exploits: 0, References: 15

Vulnrichment
added 2026/01/15 8:27 p.m., 7 views

CVE-2026-21917 Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifical...

8.7 CVSS, 6.4 AI score, 0.00375 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/01/15 7:44 p.m., 24 views

CVE-2026-23746 Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting...

9.3 CVSS, 0.00861 EPSS
Exploits: 0, References: 3

CVE
added 2026/01/15 7:44 p.m., 22 views

CVE-2026-23746

Entrust Instant Financial Issuance (IFI) On Premise (CardWizard) software versions 5.x before 6.10.5 and before 6.11.1 expose the SmartCardControllerService (DCG.SmartCardControllerService.exe) to insecure .NET Remoting. The service registers a TCP remoting channel with unsafe formatter/settings,...

9.3 CVSS, 7.6 AI score, 0.00861 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/01/15 7:44 p.m., 5 views

CVE-2026-23746 Entrust Instant Financial Issuance (IFI) SmartCardController Service .NET Remoting RCE

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting...

9.3 CVSS, 7.6 AI score, 0.00861 EPSS
Exploits: 0, References: 3

OSV
added 2026/01/15 4:16 p.m., 2 views

CVE-2025-67078

Cross-site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 2