Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Overview For executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform deployment capability targeting mission-critical virtualization infrastructure VMware ESXi and core Windows file systems. This cross-platform...

SUSE-SU-2026:21263-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-12748: Denial of service in XML parsing bsc1253278. - CVE-2025-13193: Information disclosure via world-readable VM snapshots bsc1253703...

Oracle Database Server 安全漏洞

Oracle Database Server is a relational database management system with a Java VM component that supports running Java programs in the database. A data disclosure vulnerability exists in Oracle Database Server. The vulnerability arises from a failure of the Java VM component to properly handle a...

PT-2026-34147

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 19.3 through 19.30 Oracle Database Server versions 21.3 through 21.21 Description An issue exists in the Java VM component of Oracle Database Server. An unauthenticated attacker with network access via Oracle Ne...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013285)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013285 advisory. A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013323)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013323 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use onlinevcpus, not createdvcpus, to iterate over vCPUs Use the kvmforeachvcpu helper ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011173)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011173 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies cou...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011127)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011127 advisory. In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel assumes vmbus...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006977)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006977 advisory. In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to...

CVE-2026-40323

SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof...

ROS-20260420-73-0033

A vulnerability in Incus container management system and virtual machine manager is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVE-2026-40323

SP1 (zero‑knowledge VM) has a soundness vulnerability in the V6 recursive shard verifier affecting versions 6.0.0–6.0.2, allowing a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. The issue is fixed in version 6.1.0. Impact is described as...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007392)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007392 advisory. In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy run-time warning in dgdispatchashost Syzkaller hit 'WARNING in dgdispatchashost...

SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1413-1 advisory. This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error...

(0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The specific flaw...

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

UBUNTU-CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVE-2026-33414 PowerShell Command Injection in Podman HyperV Machine

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

CVE-2026-33414

Summary: CVE-2026-33414 affects Podman

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...