[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44

NGINX module for Brotli compression...

CVE-2026-24352

PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...

CVE-2026-24351

PluXml CMS is affected by CVE-2026-24351 (Stored XSS in Static Pages editing). An attacker with editing privileges can inject arbitrary HTML/JS that is rendered when visiting the edited page. Vulnerable confirmed in versions 5.8.21 and 5.9.0-rc7; other versions were not tested and might also be v...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002895)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002895 advisory. Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccpwritexmit function in net/dccp/output.c in that allows a local user to cause ...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000348 advisory. A flaw was found in the HDLCPPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation i...

PT-2025-46741

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-rc7 Description The Linux kernel contains an issue within the KVM component, specifically related to debug checking for non-physical np guests utilizing huge mappings on the arm64 architecture. When runnin...

PT-2025-8844

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc7+ Description A race condition in the Linux kernel's RDMA/mlx5 module can lead to a CQE error, causing the UMR QP to enter an error state. This occurs when the mlx5 ib dereg mr flow and mlx5 ib invalida...

SUSE CVE-2004-1300

Buffer overflow in the openaifffile function in demuxaiff.c for xine-lib libxine 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file...

CVE-2022-29695

Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization...

kernel: fuse: prevent fuse_put_request on invalid pointer

The fusedirectio function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service invalid pointer dereference and OOPS via vectors possibly related to a memory-consumption attack...