Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017563 advisory. A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior...

OPENSUSE-SU-2026:10747-1 php8-8.5.6-1.1 on GA media

These are all security issues fixed in the php8-8.5.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-31368

AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability...

CVE-2026-25077

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

UBUNTU-CVE-2026-7261

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...

EUVD-2026-28970

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...

OPENSUSE-SU-2026:10743-1 tar-1.35-7.1 on GA media

These are all security issues fixed in the tar-1.35-7.1 package on the GA media of openSUSE Tumbleweed...

PHP 缓冲区错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a buffer error vulnerability. This vulnerability stemmed from the use of the metaphone function, which used signed integer variables to track the current...

OPENSUSE-SU-2026:10742-1 libQt6Svg6-6.11.0-2.1 on GA media

These are all security issues fixed in the libQt6Svg6-6.11.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10738-1 MozillaThunderbird-140.10.2-1.1 on GA media

These are all security issues fixed in the MozillaThunderbird-140.10.2-1.1 package on the GA media of openSUSE Tumbleweed...

java-11-openj9-11.0.31.0-1.1 on GA media (moderate)

java-11-openj9-11.0.31.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10724-1 Rating: moderate Cross-References: CVE-2026-22007 CVE-2026-22016 CVE-2026-22021 CVE-2026-34268 CVSS scores: CVE-2026-22007 SUSE : 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-22007 SUSE : 2.1...

EUVD-2026-28899

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges...

SUSE CVE-2026-43131

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix null pointer dereference issue If SMU is disabled, during RAS initialization, there will be null pointer dereference issue here...

CVE-2026-42343

FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit a 500ms polling interval for memory management and...

CVE-2026-43364

Summary (CVE-2026-43364) : In the Linux kernel ublk subsystem, a local attacker can trigger a NULL pointer dereference by sending UPDATE_SIZE to a ublk device that has been added but not started, or that has been stopped. The root cause is missing state validation in ublk_ctrl_set_size(), which d...

BIT-PYTHON-MIN-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

BIT-PYTHON-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

BIT-MONGODB-2026-6914 MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

PT-2026-39160

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

OPENSUSE-SU-2026:10722-1 glibc-2.43-2.1 on GA media

These are all security issues fixed in the glibc-2.43-2.1 package on the GA media of openSUSE Tumbleweed...