Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002070)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002070 advisory. arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial o...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002286)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002286 advisory. The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002694)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002694 advisory. The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003182)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003182 advisory. A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to ente...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003375)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003375 advisory. Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gai...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003088)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003088 advisory. It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002490)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002490 advisory. Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002801)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002801 advisory. It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002047)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002047 advisory. The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows...
CVE-2025-68808
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership. vidtv_channel_si_init creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through...
CVE-2025-14557
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel (facebook_pixel) allows Stored XSS. This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...
GO-2025-4248 Mattermost has missing redirect URL validation in github.com/mattermost/mattermost
Mattermost has missing redirect URL validation in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
TFTP Fetch, Linux Chmod
Fetch and execute an AARCH64 payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...
CVE-2025-14557
CVE-2025-14557 affects Drupal Facebook Pixel module (facebook_pixel) with stored XSS due to improper input neutralization during page generation. Affected versions are 7.X-1.0 through 7.X-1.1. The vulnerability can allow malicious script injection via input fields rendered on generated pages, as ...
CVE-2025-14556 XSS in Drupal 7 Flag Module
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS). This issue affects Flag: from 7.X-3.0 through 7.X-3.9...
CVE-2025-14556
CVE-2025-14556 is an XSS in the Drupal Flag module. Affected: Drupal Flag versions 7.X-3.0 through 7.X-3.9. Root cause: improper neutralization of input during web page generation. Impact: Cross-Site Scripting (XSS) vulnerability; attacker could inject scripts when users view pages. Exploitatio...
DRUPAL-CONTRIB-2026-005
This module enables Drupal sites to authenticate users via Microsoft Entra ID (formerly Azure AD) using OAuth 2.0. The module doesn't sufficiently validate API responses from Microsoft, allowing complete account takeover of any user, including site administrators, without requiring any credentials o...
DRUPAL-CONTRIB-2026-002
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...
CVE-2025-59021
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...