Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021561 advisory. In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fakeinit In fakeinit, rootdeviceregister is possible to fail but it...
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle
Summary: The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry (OpenMcdf/DirectoryTree.cs:35-46) walks directory entries by repeatedly calling directories.TryGetSibling(child, siblingType, validateColor). A crafted CFB file with cyclic Left/Right sibling links among directory entries -...
GHSA-HCF7-66RW-9F5R Turbo: Login callback CSRF/session fixation
Impact: Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a request to the local callback server with an attacker-controlled token. If accepted before the...
cisco-hypershield
Ansible Collection: stevefulme1.ciscohypershield Ansible Col...
CVE-2026-8966
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
UBUNTU-CVE-2026-8966
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
GHSA-HF67-5VVQ-FM3R Keycloak: Session fixation in OIDC login flow that can lead to account takeover
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-8966 Information disclosure in the IP Protection component
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
EUVD-2026-30918
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
CVE-2026-8966
CVE-2026-8966 affects Mozilla Thunderbird (earlier than 151.0) and concerns information disclosure in the IP Protection component. Multiple connected sources corroborate the impact as information disclosure, with the vulnerability fixed in Thunderbird 151 (and Firefox 151 per the initial entry). ...
CVE-2026-43491
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...
CVE-2026-7507 Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
EUVD-2026-30889
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-7507
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...