Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001778)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001778 advisory. Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETL...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002403)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002403 advisory. The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, whic...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003163)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003163 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002231)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002231 advisory. The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service ho...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002653 advisory. An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overr...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003012)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003012 advisory. drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial o...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002302 advisory. The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, whic...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002814)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002814 advisory. drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002819)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002819 advisory. Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001978)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001978 advisory. The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service NU...
CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array-crafted PHP Closure not being checked against the allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498 Shopware Improper Control of Generation of Code in Twig rendered views
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array-crafted PHP Closure not being checked against the allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1...
EUVD-2026-2421
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array-crafted PHP Closure not being checked against the allow list for the map(...) override. This vulnerability is fixed in 6.7.6.1...
CVE-2026-23498
CVE-2026-23498 affects Shopware Open Commerce Platform versions 6.7.0.0–6.7.6.0, where a regression of CVE-2023-2017 allows an array/array-crafted PHP Closure not checked against the allow list during the map(...) override. The issue is triggered in Twig-rendered views and can lead to code genera...
SUSE-SU-2026:0126-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337)...
Arbitrary Code Injection
Overview: shopware/core is the Shopware platform core for all Shopware ecommerce products. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of...
Arbitrary Code Injection
Overview: shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of the fix to CVE-2023-2017. Remediatio...