Cisco IP Phones Improper Neutralization of Input During Web Page Generation (CVE-2025-20351)

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web ...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000877)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000877 advisory. The x86decodeinsn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service host OS...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001181)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001181 advisory. The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netli...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000736 advisory. fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNTNODEV, MNTNOSUID, and MNTNOEXEC and changing MNTATIMEMASK during a remount o...

MiracleLinux 4 : bind-9.8.2-0.10.6.0.1rc1.AXS4 (AXSA:2013-02:01)

"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-02:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names t...

CVE-2025-64516

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item ticket, asset, .... If the public FAQ is enabled, this unauthorized access can be performed by an anonymous user. This vulnerability is fixed i...

team: fix check for port enabled in team_queue_override_port_prio_changed()

...

CVE-2025-67823

CVE-2025-67823 affects Mitel MiContact Center Business up to version 10.2.0.10 and Mitel CX up to 1.1.0.1. The vulnerability is in the Multimedia Email component and stems from insufficient input validation, enabling an unauthenticated attacker to perform a Cross-Site Scripting (XSS) attack. A su...

CVE-2025-67823

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003477 advisory. KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002248 advisory. The sctpassocupdate function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a deni...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003164)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003164 advisory. Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14,...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via the loadRLE function in PluginTARGA.cpp. An attacker can cause a crash or unintended behavior by providing a specially crafted TGA image with RLE compression enabled. Remediation There is no fixed version for freeimag...

SUSE CVE-2025-71091

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in teamqueueoverrideportpriochanged There has been a syzkaller bug reported recently with the following trace: listdel corruption, ffff888058bea080-prev is LISTPOISON2 dead000000000122 -----------...

CVE-2025-71091

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in teamqueueoverrideportpriochanged There has been a syzkaller bug reported recently with the following trace: listdel corruption, ffff888058bea080-prev is LISTPOISON2 dead000000000122 -----------...

CVE-2025-71091

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in teamqueueoverrideportpriochanged There has been a syzkaller bug reported recently with the following trace: listdel corruption, ffff888058bea080-prev is LISTPOISON2 dead000000000122 -----------...

CVE-2025-71091 team: fix check for port enabled in team_queue_override_port_prio_changed()

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in teamqueueoverrideportpriochanged There has been a syzkaller bug reported recently with the following trace: listdel corruption, ffff888058bea080-prev is LISTPOISON2 dead000000000122 -----------...

CVE-2025-71091

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in teamqueueoverrideportpriochanged There has been a syzkaller bug reported recently with the following trace: listdel corruption, ffff888058bea080-prev is LISTPOISON2 dead000000000122 -----------...

CVE-2025-71091 team: fix check for port enabled in team_queue_override_port_prio_changed()

In the Linux kernel, the following vulnerability has been resolved: team: fix check for port enabled in teamqueueoverrideportpriochanged There has been a syzkaller bug reported recently with the following trace: listdel corruption, ffff888058bea080-prev is LISTPOISON2 dead000000000122 -----------...

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...