Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013041)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013041 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspac...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-007017)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007017 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011100)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011100 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspac...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010752 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010781)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010781 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - fix the aead software fallback for engine Due to the subreq pointer misus...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010693)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010693 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the setkey and unsetkey functions. An attacker can overwrite arbitrary files by creating a crafted symbolic link that is followed during a cross-device rename fallback. PoC python import os import sys import tempfile...

OPENSUSE-SU-2026:20589-1 Security update for tor

This update for tor fixes the following issues: Changes in tor: - update to 0.4.8.23: Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem TROVE-2026-004, boo1262302 Fix a series of defense in depth security issues found across the codeba...

Denial Of Service (DoS)

github.com/google/osv-scalibr is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of empty directory responses in the filesystem traversal fallback path, which allows an attacker to trigger an out-of-bounds access index out of range leading to a panic and...

Microsoft Windows Server Domain Role Detection

SMB-login based domain role detection with powershell fallback for Windows Server. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

EUVD-2026-22840

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

CVE-2026-34727

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback...

SUSE-SU-2026:21123-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-38542: RDMA/manaib: boundary check before installing cq callbacks bsc1226591. - CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in...

MAL-2026-2562 Malicious code in robase-fallback (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a90a9e6e638fef782e18c99b5ab69341776385c7c7e6000af01a6b0fd2c3b0b6 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

EUVD-2026-21513

PraisonAIAgents: SSRF via unvalidated URL in webcrawl httpx fallback...

GHSA-QQ9R-63F6-V542 PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

| Field | Value | |---|---| | Severity | High | | Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access | | Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summary webcrawl's httpx fallback path passes user-supplied URLs directly...

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

CVE-2026-40160 PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...