Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014276 advisory. jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whos...

PsiTransfer 路径遍历漏洞

PsiTransfer is a simple, self-hosted file sharing solution developed by Christoph Wiechert. Versions of PsiTransfer prior to 2.4.3 contained a path traversal vulnerability. This vulnerability stemmed from the PATCH upload process, which validated the encoded request paths, but the downstream TUS...

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation in the HTTPUEContextTransfer process when an unsupported Content-Type is received. An attacker can cause the processor to operate on an uninitialized object by sending a request with an unexpected Content-Typ...

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may leads deadlock in cpu hotplug: task1 task2 task3 ----- ----- ----- mutexlock&interfacelock CPU GOING OFFLINE cpuswritelock; osnoisecpudie;...

[SECURITY] Fedora 43 Update: jq-1.8.1-3.fc43

lightweight and flexible command-line JSON processor jq is like sed for JSON data =E2=80=93 you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text. It is written in portable C, and it has zero runtime...

MinIO 授权问题漏洞

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2023-05-18T00-05-36Z to RELEASE.2026-04-11T03-20-12Z containe...

CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.18), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.18) +1589 more potentially affected by CVE-2026-22751 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.1)

org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.18 and more Source cves: CVE-2026-22751 Source advisory: OSV:GHSA-X2WQ-9X2F-FHJ7...

EUVD-2026-24131

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

CVE-2026-29644

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

USN-8191-1: Apache Commons IO vulnerability

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

CVE-2026-29643

XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...

CVE-2026-29644

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

XiangShan 安全漏洞

XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from improper control of the distributed CSR write enablement path. This vulnerability could allow local attackers to modify memory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010973)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010973 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcomcpufreqhwreadlut If cpudev fails to get opp table in...

PT-2026-34532

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

CVE-2026-29644

XiangShan open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 has improper gating of its distributed CSR write-enable path, allowing illegal CSR write attempts to alter custom PMA Physical Memory Attribute CSR state. Though the RISC-V privilege...

CVE-2026-29644

CVE-2026-29644 concerns XiangShan, an open-source high-performance RISC-V processor. The issue arises from improper gating of the distributed CSR write-enable path in the commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28), which can allow illegal CSR write attempts to alter the custom P...