Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

kernel: Fix of 5 CVEs

net/sched: schhfsc: upgrade 'rt' to 'sc' when it becomes a inner curve CVE-2023-4623 - net/sched: Enforce that teql can only be used as root qdisc CVE-2026-23074 - ALSA: usb-audio: Fix use-after-free in sndusbmixerfree CVE-2026-23089 - atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol...

CVE-2025-14944

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

kernel: Linux kernel: integer overflow and information disclosure via undefined shift operation in drm/amdkfd

A flaw was found in the Linux kernel’s AMD Kernel Fusion Driver amdkfd within the drm subsystem. When either getnumsdmaqueues or getnumxgmisdmaqueues returned 0, the driver performed a bit shift where the number of bits shifted equaled the operand width. Such a shift is undefined behavior in C an...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006779 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgrlock smpcallfunction always runs its callback in hard IR...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006584)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006584 advisory. In the Linux kernel, the following vulnerability has been resolved: nullblk: Always check queue mode setting from configfs Make sure to check device queue mode in th...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006787 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queuepriorityhint on parking Originally, with strict in order execution, we...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006641 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctpstreamoutqmigrate When sctpstreamoutqmigrate is called to release...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006665 advisory. In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blkmqallocrequesthctx This patch prevents that test...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006571)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006571 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006735)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006735 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sockrecverrqueue skbufffclonecache was created without...

SUSE CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...

EUVD-2025-209272

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

CVE-2025-14944

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

CVE-2025-14944

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

WordPress plugin Backup Migration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network

...

CVE-2026-5535 FedML-AI FedML MQTT Message FileUtils.java path traversal

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

SUSE CVE-2026-31404

In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...

CVE-2026-34990

A flaw was found in OpenPrinting CUPS. A local unprivileged user can exploit this vulnerability by coercing the cupsd service to authenticate to an attacker-controlled Internet Printing Protocol IPP service. This allows the user to create a persistent printer queue that can overwrite arbitrary...