CVE-2026-6284
An attacker with network access to the PLC is able to discover passwords by brute force to gain unauthorized access to systems and services. The limited password complexity and lack of password input limiters make brute-force password enumeration possible...
USN-8185-1: Linux kernel (NVIDIA) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to load malicious CPU microcod...
USN-8179-2 linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to load malicious CPU microcod...
USN-8184-1: Linux kernel (Real-time) vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to load malicious CPU microcod...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, neuvector-sigstore-interface, trivy-operator, tkn, crossplane, ko, flux-source-controller, policy-controller, skaffold, zarf, gh, falcoctl, cosign, docker, tflint, gitsign, trivy, kyverno, vexctl, docker-cli-buildx, goreleaser, zot,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, neuvector-sigstore-interface, trivy-operator, tkn, crossplane, ko, flux-source-controller, policy-controller, skaffold, zarf, gh, falcoctl, cosign, docker, tflint, gitsign, trivy, kyverno, vexctl, docker-cli-buildx, goreleaser, zot,...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007312 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent U...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007565)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007565 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrupts We triggered the following...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007463)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007463 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible to trigger below warning message from...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007417)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007417 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007584)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007584 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem...
GHSA-8WFP-579W-6R25 Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak)
Summary Kyverno's apiCall service mode automatically attaches the admission controller's ServiceAccount (SA) token to outbound HTTP requests. This results in unintended credential exposure when requests are sent to external or attacker-controlled endpoints. The behavior is insecure-by-default and n...
GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...
Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...
USN-8179-1: Linux kernel vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to load malicious CPU microcod...
Microsoft Windows Server Domain Role Detection
SMB-login based domain role detection with PowerShell fallback for Windows Server. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
CLEANSTART-2026-BZ28794 Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service
Multiple security vulnerabilities affect the aws-load-balancer-controller package. Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. See references for...
SUSE CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /SyncPlay/New endpoint. An attacker can exhaust system memory and disrupt service availability by submitting excessively large SyncPlay group names in POST requests to the...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/{itemId}/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...