1723 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006943)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006943 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011184)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011184 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix warning when putting transaction with qgroups enabled after abort If we have a...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010831)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010831 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007477)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007477 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ext4: make ext4_abort...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007429)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007429 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007611)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007611 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007315)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007315 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on t...
CVE-2026-40071
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/package_order, /json/link_order, and /json/abort_link WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...
GHSA-RFGH-63MG-8PWM pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions
Summary Several WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. Confirmed mismatches: - ADD user can reorder packages/files...
pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions
Summary Several WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. Confirmed mismatches: - ADD user can reorder packages/files...
GHSA-MFJ6-6P54-M98C parse-server has GraphQL complexity validator exponential fragment traversal DoS
Impact The GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A single unauthenticated request can block the Node.js event loop for seconds, denying service to all concurrent users. This only affects...
CVE-2026-33977 FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...
EUVD-2026-17223
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...
CVE-2026-33977
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006305)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006305 advisory. Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory...
CVE-2026-23272
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it...
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it...
WebGPU Resource Isolation Auditor
This WebGPU security JavaScript confirms that memory isolation between buffers is fully enforced. It does not exploit any vulnerability but rather demonstrates that behavior is working as expected. It validates that attempts to read or write outside of Buffer A's bounds are safely handled by eith...
CVE-2026-31870 cpp-httplib Affected by Remote Process Crash via Malformed Content-Length Response Header
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...