EUVD-2026-35410

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-10.fc43

Nginx virtual host traffic status module...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-10.fc44

Nginx virtual host traffic status module...

Exploit for OS Command Injection in Arcane

CVE-2026-23520: Model Context Protocol MCP Connect RCE - Edu...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vhost: moved the bound check for vdpa group to vhostvdpa. Duplications have been removed by consolidating them here. This reduces the possibility that a parent driver may miss them. Additionally, we’ve fixed a bug in vdpasim,...

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-9.fc43

Nginx virtual host traffic status module...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-9.fc44

Nginx virtual host traffic status module...

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Red Hat JBoss Web Server 6.2.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-7.fc44

Nginx virtual host traffic status module...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013494)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013494 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can...

CVE-2026-40910

Summary : frp versions 0.43.0–0.68.0 contain an authentication bypass in the HTTP vhost routing path when using routeByHTTPUser for access control. The routing logic derives the route from the Proxy-Authorization username, while access control checks credentials from the standard Authorization he...

PT-2026-34174

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007276 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...

Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

GHSA-PQ96-PWVG-VRR9 frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...