Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021647 advisory. In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRTSOCKUPDTIMEOUT when reset transport Since transport-sock has been set to NULL...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021537)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021537 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021643 advisory. In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25c...

kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: Fix the skmemuncharge logic in tcpbpfsendmsg The current sk memory accounting logic in SKREDIRECT is pre-uncharging tosend bytes, which is either msg-sg.size or a smaller value applybytes. Potential problems with this...

CVE-2026-33234

CVE-2026-33234 affects AutoGPT versions 0.1.0–0.6.51, where SendEmailBlock accepts user-provided smtp_server and smtp_port and passes them to Python’s smtplib.SMTP() without IP address validation. This bypasses hardened SSRF protections (validate_url_host and BLOCKED_IP_NETWORKS) used by other bl...

CVE-2026-33234 AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF via user-controlled SMTP server

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

CVE-2026-7563 Classified Listing <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via add_order_note and send_email_to_user_by_moderator AJAX Actions

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

CVE-2026-43914

A flaw was found in Vaultwarden, a Bitwarden-compatible server. A remote attacker can exploit an unprotected two-factor authentication 2FA function, sendemaillogin, to bypass login brute-force protection. This allows the attacker to repeatedly attempt password guesses without rate-limiting,...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows an attacker to access and send support calls for other users by manipulating the chamado parameter via a crafted GET request. The documents do not provide details on exploited versions, specific vectors beyond the parameter manipulat...

CVE-2026-43914

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function sendemaillogin email.rs, api endpoi...

CVE-2026-43880

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...

Unity Linux 20.1060e / 20.1070e Security Update: gnutls (UTSA-2026-017621)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017621 advisory. A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

SUSE CVE-2026-43185

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize to a signed int before computing mintint, .... A maliciously provide...

PT-2026-39334

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs sbi client send via scp or sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named...

CVE-2026-43296

A flaw was found in the Linux kernel's octeontx2-af driver. This vulnerability arises from issues within the NIX SQ Send Queue manager's sticky mode and the PSE Packet Stream Engine, which can lead to system stalls, deadlocks, and credit drops. When multiple Send Queues share a Send Message Queue...

CVE-2026-43466

Summary (CVE-2026-43466) : The Linux kernel mlx5e driver had a desync bug in the software DMA FIFO during TX error recovery. Specifically, during recovery, dma_fifo_cc was reset to 0 while dma_fifo_pc was not, causing producer/consumer to operate on misaligned indices. After recovery, new entries...

CVE-2026-43466

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5eresettxqsqccpc resets dmafifocc to 0 but not dmafifopc, desyncing the DMA FIFO producer and consumer. After...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel. These vulnerabilities arise from the sticky mode of the NIX SQ manager in the octeontx2-af driver, which causes...

CVE-2026-44116

OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...

CLSA-2026-1778148827 nghttp2: Fix of CVE-2023-35945

CVE-2023-35945: fix memory leak in nghttp2sessionmemsendinternal when onstreamclosecallback returns a fatal error during send-failure handling...