23052 matches found
CVE-2025-68816
A flaw was found in the Linux kernel's mlx5 firmware tracer. A malicious or compromised firmware can provide specially crafted format strings to the tracer. Due to insufficient validation of these parameters, this can lead to system crashes, resulting in a Denial of Service (DoS), or potentially...
net/mlx5: fw_tracer, Validate format string parameters
...
CVE-2026-0961
A flaw was found in Wireshark. This vulnerability allows an attacker to trigger a crash in the BLF file parser by providing a specially crafted file. Successful exploitation leads to a denial of service (DoS), making the application unavailable to legitimate users. Mitigation: To mitigate this issue...
SUSE CVE-2025-68816
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters. Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...
OSV-2026-53 Heap-use-after-free in graph::LigatureSubstFormat1::shrink
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475607265 Crash type: Heap-use-after-free READ 8 Crash state: graph::LigatureSubstFormat1::shrink graph::LigatureSubstFormat1::split_context_t::shrink hb_vector_t graph::actuate_subtable_split<graph::LigatureSu...
PT-2026-3003
Name of the Vulnerable Software and Affected Versions: Supreme Modules Lite versions prior to 2.5.63. Description: The Supreme Modules Lite plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation. The plugin incorrectly identifies JSON files, permitting...
PT-2026-4643
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475607265 Crash type: Heap-use-after-free READ 8 Crash state: graph::LigatureSubstFormat1::shrink graph::LigatureSubstFormat1::split_context_t::shrink hb_vector_t graph::actuate_subtable_split<graph::LigatureSu...
EUVD-2026-2759
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...
CVE-2025-67079
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...
Omnispace Agora Project security vulnerabilities
Omnispace Agora Project is a satellite IoT verification project developed by the American company Omnispace. Versions of Omnispace Agora Project prior to version 25.10 contained security vulnerabilities. These vulnerabilities stemmed from defects in the file upload function, which could allow...
PT-2026-3024
Name of the Vulnerable Software and Affected Versions: Omnispace Agora Project versions prior to 25.10. Description: A file upload issue exists in Omnispace Agora Project. Attackers can potentially execute code by uploading a specially crafted PDF file. This is possible through the MSL engine of the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002120)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002120 advisory. The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002103)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002103 advisory. fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002058)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002058 advisory. The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002193)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002193 advisory. Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002476 advisory. Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002490)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002490 advisory. Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001781)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001781 advisory. Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002008)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002008 advisory. Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003030)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003030 advisory. An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xf...