[SECURITY] Fedora 44 Update: python3.13-3.13.13-1.fc44

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013740 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr...

EUVD-2026-24455

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013136)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013136 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010999 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr...

GHSA-GQP3-HFC3-8Q54 Memos has an Incorrect Privilege Assignment issue

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the memosaccesstoken function of the UpdateInstanceSetting component when manipulating the additionalStyle or additionalScript arguments. An attacker can gain unauthorized access to sensitive informatio...

EUVD-2026-23838

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

CVE-2026-33657

CVE-2026-33657 affects EspoCRM up to version 9.3.3, where an stored HTML injection vulnerability allows an authenticated user with standard privileges to inject HTML into system-generated email notifications. Root cause: server-side Handlebars templates render the unescaped post field (triple-bra...

EUVD-2024-55521

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox...

CVE-2024-40849

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox...

PT-2026-29956

Mattermost doesn't rate limit login requests, allowing DoS in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

GO-2026-4700 SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel

SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVE-2026-33631

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced file access policy exclusively by intercepting ESEVENTTYPEAUTHOPEN events. Seven additional file...

CVE-2025-55265

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks...

EUVD-2026-15072

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data...

CVE-2026-28870

An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data...

CVE-2026-20697

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data...

CVE-2026-28870

An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access sensitive user data...

CVE-2026-28870

CVE-2026-28870 describes an information leakage vulnerability that was addressed with additional validation. The provided documents indicate fixes in Apple OS 26.4 family: iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. The initial description notes that an ap...