SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

GHSA-7P5M-XRH7-769R SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

PT-2026-25822

Summary Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 no /Users/zwique/Downloads/SandboxJS found. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...

SUSE-SU-2026:20720-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpicmpui bsc1254992. - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm...

CLSA-2026-1773043650 kernel: Fix of 10 CVEs

ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer CVE-2023-53395 - net: ppp: Add bound checking for skb data on pppsynctxmung CVE-2025-37749 - ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS CVE-2022-50315 - ext2: Check block size validity during mount CVE-2023-53569 - gfs2: Fix possible data races...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005719)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005719 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...

SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2026:0763-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0763-1 advisory. - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005601 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...

SUSE SLES15 Security Update : freerdp (SUSE-SU-2026:0621-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0621-1 advisory. - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. -...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005798)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005798 advisory. In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005785)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005785 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference...

SUSE-SU-2026:20635-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel bsc1249205. - CVE-2025-39698: iouring/futex: ensure iofutexwait...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005401 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a delet...

SUSE SLES12 Security Update : freerdp (SUSE-SU-2026:0762-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0762-1 advisory. - CVE-2026-22855: heap-buffer-overflow in smartcardunpacksetattribcall bsc1256721. - CVE-2026-22857: heap-use-after-free in irpthreadfunc...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005564)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005564 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4fillsuper Th...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005768)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005768 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005478 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer ACPICA commit...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005705 advisory. In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy ar...

BIT-DISCOURSE-2026-28227 Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the publishtocategory topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known...

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. CVE-2026-24677: heap-buffer-overflow in...