Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013363)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013363 advisory. In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must...

Mozilla -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=2027541 reports: Use-after-free in the JavaScript Engine component...

Mozilla -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=2013619 reports: Use-after-free in the JavaScript: WebAssembly component...

Mozilla -- Privilege escalation in the Debugger component

https://bugzilla.mozilla.org/showbug.cgi?id=2023753 reports: Privilege escalation in the Debugger component...

PT-2026-34209

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An incorrect regular expression allows an attacker to bypass OAuth redirect URI validation. An attacker aware of a first-party OAuth application's registered callback URL can create a...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006997)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006997 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFSIPipimap-iimap in diUnmount syzbot found an invalid-free in diUnmount...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010812)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010812 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4evictinode' Syzbot found the following issue:...

Mozilla -- Incorrect boundary conditions

https://bugzilla.mozilla.org/showbug.cgi?id=2021770 reports: Incorrect boundary conditions in the WebRTC: Networking component...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013314 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFSIPipimap-iimap in diUnmount syzbot found an invalid-free in diUnmount...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007011)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007011 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrigreportversion in ntrigreportversion, hdev...

Mozilla -- Invalid pointer

https://bugzilla.mozilla.org/showbug.cgi?id=2022746 reports: Invalid pointer in the Audio/Video: Playback component...

CVE-2026-23757

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVE-2026-23757

GFI HelpDesk

CVE-2026-23757

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

ExploitIQ

⚡ ExploitIQ Autonomous AI-Powered Penetration Testing Assis...

OSV-2026-595 UNKNOWN WRITE in std::__1::istreambuf_iterator<char, std::__1::char_traits<char>> std::__1::num_g

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504141064 Crash type: UNKNOWN WRITE Crash state: std::1::istreambufiterator std::1::numg std::1::basicistream& std::1::inputar igl::MshLoader::parseelementfield...

PT-2026-33822

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT Report::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

CVE-2026-40324

creationtimestamp| type| source ---|---|--- 2026-04-18 01:18:04+00:00| published-proof-of-concept| Telegram/u5f3Gra6Haipf3VJEB4yu-gwc95-0FLxvYnhbIvKSTo7fn8...