Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003163)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003163 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, mapwrite in kernel/usernamespace.c allows privilege escalation because it mishandles nested user namespaces...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001901)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001901 advisory. arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform improperly relies on espfix64 during nested NMI processing, which allows local users ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002978)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002978 advisory. A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In...

MiracleLinux 4 : dbus-1.2.24-4.AXS4 (AXSA:2011-116:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-116:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messagin...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001739)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001739 advisory. In locksocknested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution...

jaraco.context Has a Path Traversal Vulnerability

Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...

GHSA-58PV-8J8X-9VJ2 jaraco.context Has a Path Traversal Vulnerability

Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...

MiracleLinux 7 : libxslt-1.1.28-6.0.2.el7.AXS7 (AXSA:2025-9856:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9856:03 advisory. CVE-2025-24855: fix use-after-free issue in numbers.c by restoring XPath context node in nested XPath evaluations CVEs: CVE-2025-24855 numbers.c in libxslt...

PT-2026-3523

Name of the Vulnerable Software and Affected Versions jaraco.context versions prior to 6.1.0 Description jaraco.context, a software package providing decorators and context managers, contains a path traversal issue in the jaraco.context.tarball function. The issue allows attackers to extract file...

CVE-2019-18455

An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop...

CVE-2024-39010

chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2023-49195

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6...

CVE-2023-50730

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2025-23061

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1356)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1356 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000347 advisory. In the Linux kernel 4.15.x through 4.19.x before 4.19.2, mapwrite in kernel/usernamespace.c allows privilege escalation because it mishandles nested user namespaces...