6 matches found
Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016711)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016711 advisory. Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests ...
CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler in http/resource.go. The destination path in resourcePatchHandler is...
CVE-2025-59373
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...
CVE-2025-59373
CVE-2025-59373 concerns a local privilege escalation in the ASUS System Control Interface (ASCI) restore mechanism, enabling an unprivileged user to copy files into protected system paths and cause arbitrary code to run as SYSTEM. Several sources (NVD/NIST, Red Hat, CIRCL enrichment, ZDI) identif...
CVE-2018-8805
Yxcms building system compatible cell phone v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extendguestbook.php or protected\apps\default\view\mobile\extendguestbook.php in an index.php?r=default/column/index&col=guestbook request...
UBUNTU-CVE-2016-5007
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space...