CLSA-2026-1768209702 ruby: Fix of CVE-2025-24294
CVE-2025-24294: fix decompressed name length limit in DNS resolver to prevent exceeding RFC 1035's 255-octet maximum...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000393)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000393 advisory. Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more th...
CVE-2025-62096
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce (maximum-products-per-user-for-woocommerce) allows Stored XSS. This issue affects Maximum Products per User for WooCommerce: from n/a through <= 4.4....
PT-2026-28803
Name of the Vulnerable Software and Affected Versions: tinyproxy versions up to and including 1.11.3. Description: An integer overflow in the HTTP chunked transfer encoding parser can lead to a denial of service (DoS). The issue arises because chunk size values are parsed without proper overflow...
PT-2026-26049
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration. link_id is taken from the ML Reconfiguration element (control & 0x000f), so it can be 0..15. link_removal_timeout[] has IEEE80211_MLD_MAX_NUM_LINKS (15) elements, so...
PT-2026-8117
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a data race condition within the ndisc_router_discovery function. The syzbot tool identified that this function could read and write to in6_dev->ra_mtu without...
PT-2026-25333
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.24.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A client-side heap out-of-bounds read/write issue exists in FreeRDP's bitmap cache subsystem. This is due to an incorrect boundary...
CVE-2025-62096 WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce (maximum-products-per-user-for-woocommerce) allows Stored XSS. This issue affects Maximum Products per User for WooCommerce: from n/a through <= 4.4....
EUVD-2025-205952
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce allows Stored XSS. This issue affects Maximum Products per User for WooCommerce: from n/a through 4.4.2...
WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Maximum Products per User for WooCommerce (versions <= 4.4.3)...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993281)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993281 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots. When exercising uinput interfac...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992843)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992843 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning. If get_num_sdma_queues or get_num_xgmi_sdma_queues is ...
PT-2025-54316
Name of the Vulnerable Software and Affected Versions: WPFactory Maximum Products per User for WooCommerce versions through 4.4.2. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Cross-site Scripting (XSS) issue. This...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993162)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993162 advisory. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe. Add the missing sanity check on the probed-session...
CLSA-2025-1767120767 Fix CVE(s): CVE-2025-14178
SECURITY UPDATE: Heap buffer overflow in array_merge - debian/patches/CVE-2025-14178.patch: add validation to check if total element count exceeds HT_MAX_SIZE before allocation. - CVE-2025-14178...
EUVD-2023-60390
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem() called from get_cycle_time_elapsed(), where sched->cycle_time is the divisor. We have tests in parse_taprio_schedule() so tha...
CVE-2023-54251
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem() called from get_cycle_time_elapsed(), where sched->cycle_time is the divisor. We have tests in parse_taprio_schedule() so tha...
UBUNTU-CVE-2022-50816
In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels. Another syzbot report [1] with no reproducer hints at a bug in ip6_gre tunnel (dev:ip6gretap0). Since ipv6 mcast code makes sure to read dev->mtu once and applies a sanity check on it, see commit...
CVE-2023-54251 net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem() called from get_cycle_time_elapsed(), where sched->cycle_time is the divisor. We have tests in parse_taprio_schedule() so tha...