Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007580)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007580 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007614)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007614 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007397)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007397 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination syzbot reported a BUGON in...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-007346)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007346 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when...

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via static resource resolution. An attacker can cause denia...

[SECURITY] Fedora 44 Update: kf6-kio-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 solution for filesystem abstraction...

[SECURITY] Fedora 44 Update: kf6-6.25.0-1.fc44

Filesystem and RPM macros for KDE Frameworks 6...

GHSA-3PW3-V88X-XJ24 Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath

Summary Paperclip contains an arbitrary file read vulnerability that allows an attacker with an Agent API key to read files from the Paperclip server host filesystem. The vulnerability occurs because agents are allowed to modify their own adapterConfig through the /agents/:id API endpoint. The...

Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath

Summary Paperclip contains an arbitrary file read vulnerability that allows an attacker with an Agent API key to read files from the Paperclip server host filesystem. The vulnerability occurs because agents are allowed to modify their own adapterConfig through the /agents/:id API endpoint. The...

Flowise: Path Traversal in Vector Store basePath

Summary The Faiss and SimpleStore LlamaIndex vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locatio...

Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

EUVD-2026-23086

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-22676

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...

CVE-2026-40163

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content...

CVE-2026-33098

Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally...

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-6360

Google Chrome vulnerability CVE-2026-6360: Use-after-free in FileSystem prior to 147.0.7727.101 allows remote exploitation via a crafted HTML page, potentially causing object corruption. Severity: High. Mitigation: upgrade to Chrome 147.0.7727.101 or later.

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...