Alibaba Cloud Linux 3 : 0071: rsync (ALINUX3-SA-2026:0071)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0071 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-10158: A malicious client acting as the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013253)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013253 advisory. ieee802154create in net/ieee802154/socket.c in the AFIEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAPNETRAW, which means that...

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVE-2026-31019

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

PT-2026-33931

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

PT-2026-33987

In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based filtering to restrict dangerous PHP functions related to system command execution. An authenticated user with permission to edit PHP content can bypass this filtering, resulting in full remote code...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google Inc. There is a security vulnerability in Google Go, which stems from the golang.org/x/image/font/sfnt module’s ability to improperly allocate memory when parsing maliciou...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010977)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010977 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/meson: explicitly remove aggregate driver at module unload time Because componentmasterdel...

CVE-2026-31018

In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVE-2026-31018

In Dolibarr ERP & CRM <= 22.0.4, the Website module’s PHP code detection and editing permission enforcement is not consistently applied to all input parameters. This allows an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010937)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010937 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fix possible memory leak while module exiting Afer commit 1fa5ae857bb1 driver core:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013101)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013101 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release mutex after nftgcseqend from abort path The commit mutex should not ...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007012)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007012 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized ...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011068)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011068 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount Li Huafei reports that mcount-based ftrace with module...

📄 Below Log File Symlink Privilege Escalation

This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0. ================================================================================================================================== | Title...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010949)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010949 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpmtis: Add the missed acpiputtable to fix memory leak In checkacpitpm2, we get the TPM2 tab...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010824)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010824 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: Stop kfreescalethread threads after unloading rcuscale Running the 'kfreercutest'...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011092)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011092 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011218)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011218 advisory. In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrang...

CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...