13338 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013642)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013642 advisory. In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() The hdr.count * sizeof(s32) multiplication ca...
Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks
Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...
PT-2026-34352
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ext4 file system where the kernel fails to reject mounting when bigalloc is used in conjunction with s_first_data_block not equal to 0, a configuration that is not...
CVE-2026-22751
Vulnerability in Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....
Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011338)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011338 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...
FreeScout security vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010922)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010922 advisory. In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() The hdr.count * sizeof(s32) multiplication ca...
CVE-2026-40305
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...
CVE-2026-25883
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...
Exploit for CVE-2025-68999
CVE-2025-68999 Happy Addons for Elementor = 3.20.4 —...
PT-2026-33790
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...
PT-2026-33841
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...
SUSE SLES12 Security Update : python-urllib3 (SUSE-SU-2026:1412-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1412-1 advisory. Security issues: - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). -...
DNN security vulnerability
DNN, also known as DotNetNuke, is an open-source content management system (CMS) developed by the American company DNN, supported by Microsoft and built on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN from 6.0.0 to 10.2.2 contained...
SUSE CVE-2026-33220
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...
EUVD-2026-23000
Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository...
CVE-2026-33220
Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...
SUSE-SU-2026:1412-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: Security issues: - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API...
EUVD-2026-23188
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the wp_ajax_acymailing_router AJAX handler. This makes it possible for authenticated attackers, with Subscriber-level access and...