4989 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011056)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011056 advisory. In the Linux kernel, the following vulnerability has been resolved: test_firmware: fix memory leak in test_firmware_init When misc_register failed in test_firmware_init, t...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013007)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013007 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011289)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011289 advisory. In the Linux kernel, the following vulnerability has been resolved: gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init A NULL check for...
EUVD-2026-23697
A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...
CVE-2026-6568 kodcloud KodExplorer Public Share share.class.php initShareOld path traversal
A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: rustup, parseable, uv, atuin, sccache, linkerd-extension-init, zizmor, pixi, linkerd2-proxy, py3-xet-core, qdrant, samply, zola, kdash, wasmtime, lychee, wasmcloud, ntpd-rs, shadowsocks-rust, xh, linkerd2, ztunnel, buck2, sqlx, cargo-audit, linkerd-network-validator,...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: rustup, parseable, uv, atuin, sccache, linkerd-extension-init, zizmor, pixi, linkerd2-proxy, py3-xet-core, qdrant, samply, zola, kdash, wasmtime, lychee, wasmcloud, ntpd-rs, shadowsocks-rust, xh, linkerd2, ztunnel, buck2, sqlx, cargo-audit, linkerd-network-validator,...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: komodo, buck2, linkerd-extension-init, linkerd2, garage, deno, parseable, pixi, zola, zellij, linkerd2-proxy, uv, wasm-pack, ztunnel, lychee, atuin, linkerd-network-validator, py3-xet-core, samply, wasmtime, tealdeer, asciinema, kdash, wasmcloud, lakekeeper,...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: komodo, buck2, linkerd-extension-init, linkerd2, garage, deno, parseable, pixi, zola, zellij, linkerd2-proxy, uv, wasm-pack, ztunnel, lychee, atuin, linkerd-network-validator, py3-xet-core, samply, wasmtime, tealdeer, asciinema, kdash, wasmcloud, lakekeeper,...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007378)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007378 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init of_find_compatible_node returns a node pointer wit...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007265)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007265 advisory. In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007341)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007341 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2_stack_glue_init ocfs2_table_header should be free in ocfs2_stack_glue_ini...
MAL-2026-2891 Malicious code in chai-as-init (npm)
chai-as-init is a malicious npm package that, when imported, downloads a C2 dropper from https://api.npoint.io/c2e881b8bc0fe2121454 and executes it, similar to the malware in chai-await-test. Source: amazon-inspector...
GHSA-HW5X-4R37-72W7 OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses
Impact: Unauthenticated denial of service. Summary: When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...
PT-2026-32951
Name of the Vulnerable Software and Affected Versions: libsixel versions prior to 1.8.7-r1. Description: A use-after-free issue exists in the sixel_encoder_encode_bytes function. The sixel_frame_init function stores the caller-owned pixel buffer pointer directly in frame->pixels without creating a...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-101 (ALASECS-2026-101)
The version of ecs-init installed on the remote host is prior to 1.102.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-101 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Un...
[SECURITY] Fedora 42 Update: corosync-3.1.9-4.fc42
This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...
UBUNTU-CVE-2026-5446
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...
CVE-2026-34734
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5Tconvstruct. The original object was...
[SECURITY] Fedora 43 Update: corosync-3.1.10-2.fc43
This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...