
4989 matches found

Tenable Nessus
added 2026/03/03 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005669)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005669 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...

CVSS 7.8, AI score 6.5, EPSS 0.00147
Exploits: 0, References: 4
OSV
added 2026/03/02 9:47 p.m., 3 views

GHSA-VMWQ-8G8C-JM79 OpenChatBI has a Path Traversal Vulnerability in save_report Tool

Impact The savereport tool in openchatbi/tool/savereport.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the fileformat parameter. The function only removes leading dots of fileformat using fileformat.lstrip"." but allows path traversal sequences...

CVSS 8.7, AI score 6.2, EPSS 0.00443
Exploits: 0, References: 6
Cvelist
added 2026/03/02 6:42 p.m., 17 views

CVE-2026-0029

In pkvminitvm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00107
Exploits: 0, References: 4
ATTACKERKB
added 2026/03/02 6:42 p.m., 4 views

CVE-2026-0029

In pkvminitvm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4, AI score 6.1, EPSS 0.00107
Exploits: 0, References: 6
Positive Technologies
added 2026/03/02 12:0 a.m., 4 views

PT-2026-22677

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0029 Description A logic error in the pkvm init vm function within pkvm.c may lead to memory corruption. This could allow for local escalation of privilege without requiring additional execution privileges or user...

CVSS 8.4, AI score 6.1, EPSS 0.00107
Exploits: 0, References: 6
OSV
added 2026/03/02 12:0 a.m., 5 views

ALSA-2026:3477 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Stack-based Buffer Overflow in gnutlspkcs11tokeninit Function CVE-2025-9820 gnutls: GnuTLS: Denial of Service vi...

CVSS 5.3, AI score 5.9, EPSS 0.00638
Exploits: 1, References: 6
OSV
added 2026/02/24 6:57 p.m., 4 views

USN-8052-2 linux-xilinx vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

CVSS 9.8, AI score 6.9, EPSS 0.09072
Exploits: 8, References: 754
F5 Networks
added 2026/02/24 3:18 p.m., 9 views

K000160130: Linux kernel vulnerability CVE-2022-50356

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfbinit fails When the default qdisc is sfb, if the qdisc of devqueue fails to be inited during mqprioinit, sfbreset is invoked to clear resources...

CVSS 5.5, AI score 6.6, EPSS 0.00191
Exploits: 0
Cvelist
added 2026/02/24 2:26 a.m., 17 views

CVE-2026-26981 OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...

CVSS 6.5, EPSS 0.00523
Exploits: 1, References: 3
Vulnrichment
added 2026/02/24 2:26 a.m., 4 views

CVE-2026-26981 OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...

CVSS 6.5, AI score 5.3, EPSS 0.00523
Exploits: 1, References: 3
Cvelist
added 2026/02/23 6:2 a.m., 26 views

CVE-2026-2975 FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

CVSS 6.9, EPSS 0.00412
Exploits: 1, References: 4
Oracle linux
added 2026/02/23 12:0 a.m., 6 views

munge security update

0.5.13-14.0.1 - Updated path for removal of unneeded init file 0.5.13-14 - Fix CVE-2026-25506 - Resolved: RHEL-148533...

CVSS 7.7, AI score 5.4, EPSS 0.00272
Exploits: 0
Tenable Nessus
added 2026/02/19 12:0 a.m., 6 views

Amazon Linux 2023 : ecs-init (ALAS2023-2026-1443)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1443 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially...

CVSS 10, AI score 7.3, EPSS 0.00789
Exploits: 3, References: 14
Tenable Nessus
added 2026/02/19 12:0 a.m., 8 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1430)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1430 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates CVE-2025-38678 In the Linux kernel, the following vulnerability has...

CVSS 5.5, AI score 6.8, EPSS 0.00544
Exploits: 3, References: 154
UbuntuCve
added 2026/02/18 3:18 p.m., 5 views

CVE-2026-23218

In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incorrect NULL check after devmkcalloc Fix incorrect NULL check in loongsongpioinitirqchip. The function checks chip-parent instead of chip-irq.parents...

CVSS 5.5, AI score 5.7, EPSS 0.001
Exploits: 0, References: 4
OSV
added 2026/02/18 3:18 p.m., 1 views

UBUNTU-CVE-2026-23218

In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incorrect NULL check after devmkcalloc Fix incorrect NULL check in loongsongpioinitirqchip. The function checks chip-parent instead of chip-irq.parents...

CVSS 5.5, AI score 5.7, EPSS 0.001
Exploits: 0, References: 5
Cvelist
added 2026/02/18 2:21 p.m., 24 views

CVE-2026-23218 gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()

In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incorrect NULL check after devmkcalloc Fix incorrect NULL check in loongsongpioinitirqchip. The function checks chip-parent instead of chip-irq.parents...

EPSS 0.001
Exploits: 0, References: 2
SUSE CVE
added 2026/02/18 12:25 a.m., 0 views

SUSE CVE-2026-23125

In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...

CVSS 5.5, AI score 5.9, EPSS 0.00114
Exploits: 0, References: 16
Positive Technologies
added 2026/02/18 12:0 a.m., 7 views

PT-2026-20430

In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incorrect NULL check after devm kcalloc Fix incorrect NULL check in loongson gpio init irqchip. The function checks chip-parent instead of chip-irq.parents...

AI score 5.2, EPSS 0.001
Exploits: 0, References: 3
Amazon
added 2026/02/18 12:0 a.m., 4 views

Medium: ecs-init

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

CVSS 10, AI score 7.2, EPSS 0.00789
Exploits: 3