5 matches found
CVE-2026-24352
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...
CVE-2026-24351
PluXml CMS is affected by CVE-2026-24351 (Stored XSS in Static Pages editing). An attacker with editing privileges can inject arbitrary HTML/JS that is rendered when visiting the edited page. Vulnerable confirmed in versions 5.8.21 and 5.9.0-rc7; other versions were not tested and might also be v...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001373)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001373 advisory. An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMA...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000371)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000371 advisory. A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of- bounds memory write can occur leading to memory corruption or ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000348)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000348 advisory. A flaw was found in the HDLCPPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation i...