PT-2026-34178

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $ POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

PT-2026-34063

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $ POST'flag' into the path at line 30 without any sanitization. The $ POST'code' parameter is then written verbatim to that path via...

CVE-2025-70420

Based on connected sources, CVE-2025-70420 concerns Genesys Latitude v25.1.0.420 where an authenticated attacker can execute arbitrary SQL queries due to unsanitized user input concatenated into SQL statements. The affected component is Genesys Latitude, version 25.1.0.420; root cause is input un...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010727)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010727 advisory. The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 Double-Hash...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010809)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010809 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: add handling for RAID1C23/DUP to btrfsreduceallocprofile Callers of btrfsreduceallocprofil...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006899)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006899 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purgeeffectiveprogs Syzkaller reported a triggered kernel BUG as...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013305 advisory. The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 Double-Hash...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011269)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011269 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: removed the...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007056)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007056 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INTMAX When sysctlnropen is set to a ver...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010963)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010963 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: netcp: Standardize knavdmaopenchannel to return NULL on error Make...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-006985)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006985 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobe-ed Registering a kprobe on...

CIQ Extended Support

A CIQ package update service provides extended support and/or OS hardening for the remote host. %NASLMINLEVEL 80900 C Tenable Network Security, Inc. include"compat.inc"; if description scriptid307904; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/04/21";...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013104)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013104 advisory. In the Linux kernel, the following vulnerability has been resolved: hfs: fix KMSAN uninit-value issue in hfsfindsetzerobits The syzbot reported issue in...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-013021)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013021 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can b...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011211)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011211 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013049)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013049 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: netcp: Standardize knavdmaopenchannel to return NULL on error Make...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011302 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't recheck L1 intercepts when completing userspace I/O When completing emulation of...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007033)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007033 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011308 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4findextent for bigalloc + inline Syzbot found the following...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011408)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011408 advisory. In the Linux kernel, the following vulnerability has been resolved: hfs: fix KMSAN uninit-value issue in hfsfindsetzerobits The syzbot reported issue in...