[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-10.fc43

Nginx virtual host traffic status module...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-10.fc44

Nginx virtual host traffic status module...

Exploit for OS Command Injection in Arcane

CVE-2026-23520: Model Context Protocol MCP Connect RCE - Edu...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in the struct vhosttask. vhosttaskcreate creates a task and keeps a reference to its taskstruct. The task may exit early via a signal, and its taskstruct will be released. A pending vhosttaskwa...

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-9.fc43

Nginx virtual host traffic status module...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-9.fc44

Nginx virtual host traffic status module...

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early The creation of debugfs files is now moved to a dedicated function. It is ensured that these files are explicitly removed during vhcirelease, before the...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copytoiter return value check The return value of copytoiter can't be negative, check whether the copied length is equal to the requested length instead of checking for negative values...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Red Hat JBoss Web Server 6.2.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

[SECURITY] Fedora 44 Update: nginx-mod-vts-0.2.4-7.fc44

Nginx virtual host traffic status module...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013494)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013494 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost: fix hung thread due to erroneous iotlb entries In vhostiotlbaddrangectx, range size can...

CVE-2026-40910

Summary : frp versions 0.43.0–0.68.0 contain an authentication bypass in the HTTP vhost routing path when using routeByHTTPUser for access control. The routing logic derives the route from the Proxy-Authorization username, while access control checks credentials from the standard Authorization he...

PT-2026-34174

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007276 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call...

GHSA-PQ96-PWVG-VRR9 frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...