PT-2026-3023

Name of the Vulnerable Software and Affected Versions Omnispace Agora Project versions prior to 25.10 Description A cross site scripting XSS issue exists in Omnispace Agora Project. This allows attackers to execute arbitrary code through the notify parameter of the file controller, which is used ...

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002698 advisory. The vhcihcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation...

EUVD-2026-2752

Cross site scripting XSS vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...

CVE-2025-67078

Cross site scripting XSS vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...

CVE-2025-67078

Cross site scripting XSS vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...

Omnispace Agora Project security vulnerabilities

Omnispace Agora Project is a satellite IoT verification project developed by the American company Omnispace. Versions of Omnispace Agora Project prior to 25.10 contained security vulnerabilities. These vulnerabilities were caused by directory traversal vulnerabilities in the misc controller and...

CVE-2025-67078

Omnispace Agora Project contains a Cross Site Scripting (XSS) vulnerability in versions prior to 25.10. The issue arises in the file controller’s notify parameter used to display errors, enabling an attacker to execute arbitrary code in the context of the affected user. The CVE is documented acro...

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002817)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002817 advisory. arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS,...

EUVD-2026-2762

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

CVE-2025-67078

Cross site scripting XSS vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...

Omnispace Agora Project security vulnerabilities

Omnispace Agora Project is a satellite IoT verification project developed by the American company Omnispace. Versions of Omnispace Agora Project prior to 25.10 contained security vulnerabilities. These vulnerabilities stemmed from the notify parameter of the file controller not properly cleaning...

Security Bulletin: IBM Controller is vulnerable to exposure of sensitive information

Summary There is a vulnerability in IBM Controller due to the use of hardcoded cryptographic keys for signing session cookies. This Security Bulletin addresses CVE-2025-36326. Vulnerability Details CVEID:CVE-2025-36326 DESCRIPTION: IBM Controller could allow an attacker to obtain sensitive...

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock

A vulnerability was found in the Linux kernel's Controller Area Network CAN protocol, within the J1939 protocol implementation. This issue occurs due to a potential deadlock caused by a race condition involving three locks: j1939sockslock, activesessionlistlock, and sksessionqueuelock. This issue...

kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

A use-after-free vulnerability was found in the DWC3 USB controller driver in the Linux kernel. Multiple unsynchronized execution paths can invoke dwc3removerequests concurrently, leading to premature freeing of USB requests. When one path frees requests while another is still processing them, a...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

A use-after-free vulnerability was found in the DWC3 USB controller driver in the Linux kernel. Multiple unsynchronized execution paths can invoke dwc3removerequests concurrently, leading to premature freeing of USB requests. When one path frees requests while another is still processing them, a...