Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007027)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007027 advisory. In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadvncskbdecodepacket trusts codedlen a...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007028 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: fix slab-use-after-free in decodesession6 When the xfrm device is set to the qdisc of the s...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013110)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013110 advisory. In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdrstreamdecodeopaqueauth,...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006979)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006979 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc ...

BACnet Stack 安全漏洞

BACnet Stack is an open-source protocol stack for BACnet that is suitable for embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a security vulnerability. This vulnerability arises from the decodesigned32 function in src/bacnet/bacint.c, which uses...

JLSEC-2026-148

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

CLSA-2026-1776421961 libwebp: Fix of 2 CVEs

CVE-2018-25013, CVE-2018-25014: wait for all threads to be done in DecodeRemaining, make sure partition 0 is read before VP8 data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007453)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007453 advisory. In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix slab-use-after-free in decodesession6 When ipv6vti device is set to the qdisc of the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007608 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007249)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007249 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: fix slab-use-after-free in decodesession6 When the xfrm device is set to the qdisc of the s...

UBUNTU-CVE-2026-40916

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service DoS. By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a...

CVE-2026-21726

CVE-2026-21726 is a Grafana Loki path traversal vulnerability related to namespace parameter handling. The literature links it to the historic CVE-2021-36156 bypass in Loki’s path traversal, potentially allowing an attacker to read files via the Ruler API endpoint /loki/api/v1/rules/{namespace} a...

jwt-attack-suite

JWT Attack Suite Offensive JWT testing toolkit for penetrat...

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVE-2019-25709

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

MetaGPT affected by server-side request forgery in metagpt/utils/common.py

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

Server-side Request Forgery (SSRF)

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the decodeimage function in the file metagpt/utils/common.py when processing the imgurlorb64 argument. An attacker can access internal resources or perform...

GHSA-R5V8-C28H-F8R8 MetaGPT affected by server-side request forgery in metagpt/utils/common.py

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...