Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012986)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012986 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011399)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011399 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012987)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012987 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of...
GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol (RTP) payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...
OSV-2026-595 UNKNOWN WRITE in std::__1::istreambuf_iterator<char, std::__1::char_traits<char>> std::__1::num_g
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504141064 Crash type: UNKNOWN WRITE Crash state: std::1::istreambufiterator std::1::numg std::1::basicistream& std::1::inputar igl::MshLoader::parseelementfield...
Cross-site Scripting (XSS)
Overview: dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) leading to cross-site scripting, via custom elements. When CUSTOM_ELEMENT_HANDLING is not enabled, and an attacker has already polluted the prototype...
MGASA-2026-0104 Updated python-cairosvg packages fix security vulnerability
CairoSVG vulnerable to Exponential DoS via recursive element amplification. CVE-2026-31899...
Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issue: CVE-2026-31899: denial of service via recursive element amplification (bsc#1259690). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...
SUSE-SU-2026:1421-1 Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issue: - CVE-2026-31899: denial of service via recursive element amplification (bsc#1259690)...
DOMSanitizer Security Vulnerability
DOMSanitizer is a security filter for the DOM (Document Object Model), developed by individual contributor Andy Miller. Versions of DOMSanitizer prior to 1.0.10 contained security vulnerabilities, which were caused by insufficient checks on the content of the style element in SVG...
ROS-20260417-73-0040
Vulnerability in zabbix-lts related to providing a data element for an erroneous session. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20260417-73-0043
Vulnerability in zabbix7.4 related to the provisioning of a data element for an erroneous session. Exploitation of the vulnerability may allow an attacker to escalate his privileges...
ROS-20260417-73-0041
Vulnerability in zabbix7-lts related to providing a data element for an erroneous session. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007315)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007315 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on t...
EUVD-2026-23110
sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements...
sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements
Summary: Commit 49d0bb7 introduced a regression in sanitize-html that bypasses allowedTags enforcement for text inside nonTextTagsArray elements (textarea and option). Entity-encoded HTML inside these elements passes through the sanitizer as decoded, unescaped HTML, allowing injection of arbitrary...
Operator Precedence Logic Error
Overview: dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Operator Precedence Logic Error in the form of short-circuit evaluation that gives precedence to ADD_TAGS over FORBID_TAGS in _sanitizeElements. In an application where ADD_TAG...
Fedora 43 : python-cairosvg (2026-ec61ca906c)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ec61ca906c advisory. Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c...