runtime-exploit-guard

Container Exec - Python Script Reads attack-vuln-image-mappi...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007510)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007510 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping When an invalid value is passed via qui...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007614)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007614 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007431)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007431 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdownpirq and startuppirq are not taking the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007372)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007372 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5651: Fix invalid quirk input mapping When an invalid value is passed via qui...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007629)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007629 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking grants Prior to this commit, if a grant mapping operation failed...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007318 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters o...

BIT-AUTHENTIK-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MappingEngine.TryMapCollectionOntoExisting object through Mapsrc call. An attacker can exhaust system resources and cause application downtime by submitting large collection...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MappingEngine.TryMapCollectionOntoExisting object through Mapsrc call. An attacker can exhaust system resources and cause application downtime by submitting large collection...

GHSA-VP6R-9M58-5XV8 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

Impact Server-side EL injection leading to Remote Code Execution RCE. Affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...

PT-2026-37154

Name of the Vulnerable Software and Affected Versions OmniFaces versions prior to 1.14.2 OmniFaces versions prior to 2.7.32 OmniFaces versions prior to 3.14.16 OmniFaces versions prior to 4.7.5 OmniFaces versions prior to 5.2.3 Description Server-side Expression Language EL injection allows for...

MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: CVE-2026-33999: XKB integer underflow in XkbSetCompatMap bsc1260922. CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom bsc1260923. CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence bsc1260924. CVE-2026-34002: XKB...

SUSE-SU-2026:1330-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom bsc1260923. - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence bsc1260924. - CVE-2026-34002: XKB...

EUVD-2025-209409

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

SUSE-SU-2026:21102-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2025-40159: xsk: Harden userspace-supplied xdpdesc validation bsc1253404. - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken...

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...