CVE-2025-62814
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector causes a denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005506)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005506 advisory. In the Linux kernel, the following vulnerability has been resolved: "arm64: probes: Remove broken LDR (literal) uprobe support". The simulate_ldr_literal() and...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005750)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005750 advisory. In the Linux kernel, the following vulnerability has been resolved: "media: platform: mediatek: vpu: fix NULL ptr dereference". If pdev is NULL, then it is still...
PT-2026-22748
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. Description: A flaw exists in Samsung Mobile Processors Exynos 1280, 2200, 1380, 1480, and 2400 where a NULL pointer dereference of ft_handle within the load_fw_utc_vector functio...
CVE-2025-48645
PT Security vulnerability records PT-2026-4689, PT-2026-4690, PT-2026-4688, PT-2026-4686, PT-2026-4692, PT-2026-4684, PT-2026-4683, PT-2026-4687, PT-2026-4691 describe upcoming patch-level advisories listing CVE-2025-48645 as a High severity issue among a long list of CVEs (including CVE-2026-00x...
CVE-2026-28416
A flaw was found in Gradio, an open-source Python package for rapid prototyping. A remote attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability by hosting a malicious Gradio Space. When a victim application uses gr.load() to load this attacker-controlled Space, a malicious proxy_url...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005567)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005567 advisory. In the Linux kernel, the following vulnerability has been resolved: "netfilter: nf_tables: prefer nft_chain_validate". nft_chain_validate already performs loop detection...
Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Summary: A Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses gr.load() to load an attacker-controlled Space, the malicious proxy_url from the config is...
OESA-2026-1428 openldap security update
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain...
OESA-2026-1427 openldap security update
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain...
OESA-2026-1426 openldap security update
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain...
OESA-2026-1425 openldap security update
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain...
CVE-2026-28416 Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...
CVE-2026-28416
Gradio prior to v6.6.0 is affected by an SSRF in gr.load() via a malicious Space that causes the config-provided proxy_url to be trusted and added to the allowlist. An attacker can trigger arbitrary HTTP requests from the victim’s server to internal services, cloud metadata endpoints, and private...
EUVD-2026-9031
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
SUSE-SU-2026:0685-1 Security update for valkey
This update for valkey fixes the following issues: Update to version 8.0.7. Security issues fixed: - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts (bsc#1258746). - CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788)...
PT-2026-22415
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 6.6.0. Description: Gradio is a Python package for rapid prototyping. A Server-Side Request Forgery (SSRF) condition exists in Gradio that allows an attacker to initiate arbitrary HTTP requests from a victim’s server. This...