9108 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013371)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013371 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc. rbtree lazy gc on insert might collect...

CVSS 7.8, AI score 6.2, EPSS 0.00287
Exploits: 1, References: 3

Tenable Nessus
added 2026/04/21 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012966)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012966 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump. The generation mask can be update...

CVSS 5.5, AI score 6.8, EPSS 0.00011
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010922)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010922 advisory. In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq. The hdr.count * sizeof(s32) multiplication ca...

AI score 5.9, EPSS 0.00029
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m., 5 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011368)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011368 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000. Garbage in plain 9P2000's perm bits is...

CVSS 5.5, AI score 6.3, EPSS 0.00021
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m., 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010815)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010815 advisory. In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name. If dev_set_name fails, we leak nvmem->wp_gpio as the cleanu...

CVSS 5.5, AI score 5.7, EPSS 0.00044
Exploits: 0, References: 4

Snyk
added 2026/04/20 7:31 p.m., 2 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via the set_key and unset_key functions. An attacker can overwrite arbitrary files by creating a crafted symbolic link that is followed during a cross-device rename fallback. PoC python import os import sys import tempfile...

CVSS 7.1, AI score 5.9, EPSS 0.00004
Exploits: 1, References: 2

OSV
added 2026/04/20 7:31 p.m., 5 views

JLSEC-2026-158

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values. This issue has been patched in version 1.0.17...

CVSS 8.7, AI score 5.7, EPSS 0.00094
Exploits: 1, References: 2

OSV
added 2026/04/20 7:31 p.m., 5 views

JLSEC-2026-159

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

CVSS 5.5, AI score 5.6, EPSS 0.00006
Exploits: 1, References: 3

RedhatCVE
added 2026/04/20 7:22 p.m., 3 views

CVE-2026-6560

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function EditBasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed public...

CVSS 9, AI score 7.8, EPSS 0.00053
Exploits: 0, References: 1

Vulnrichment
added 2026/04/20 4:25 p.m., 2 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, set_key and unset_key in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

CVSS 6.6, AI score 5.9, EPSS 0.00004
Exploits: 1, References: 3

OSV
added 2026/04/20 12:43 p.m., 2 views

SUSE-SU-2026:21243-1 Security update for libcap

This update for libcap fixes the following issues: - CVE-2026-4878: local privilege escalation through file capability injection due to TOCTOU race condition in cap_set_file bsc1261809...

CVSS 7, AI score 5.2, EPSS 0.00013
Exploits: 1, References: 3

NVD
added 2026/04/20 11:16 a.m., 0 views

CVE-2026-6630

A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has be...

CVSS 9, EPSS 0.00056
Exploits: 0, References: 5

CVE
added 2026/04/20 10:30 a.m., 5 views

CVE-2026-6630

CVE-2026-6630 affects Tenda F451 1.0.0.7_cn_svn7958; the vulnerability exists in httpd, function fromGstDhcpSetSer in /goform/GstDhcpSetSer. Manipulating the argument dips can cause a buffer overflow. The issue is exploitable remotely with a network attack vector and has a PROOF-OF-CONCEPT exploi...

CVSS 9, AI score 7.8, EPSS 0.00056
Exploits: 0, References: 5

EUVD
added 2026/04/20 12:30 a.m., 3 views

EUVD-2026-23716

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now...

CVSS 9, AI score 6, EPSS 0.00053
Exploits: 0, References: 5

CNNVD
added 2026/04/20 12:0 a.m., 5 views

python-dotenv Security Vulnerability

python-dotenv is a Python environment management tool developed by Saurabh Kumar. Versions of python-dotenv prior to version 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the set_key and unset_key functions when dealing with symbolic links, which could allo...

CVSS 6.6, AI score 7.3, EPSS 0.00004
Exploits: 1, References: 1

CNNVD
added 2026/04/20 12:0 a.m., 5 views

Tenda F451 Security Vulnerability

The Tenda F451 is a wireless router produced by the Chinese company Tenda. The version Tenda F451 1.0.0.7_cn_svn7958 contains a security vulnerability. This vulnerability stems from improper handling of the parameter “dips” in the httpd component of the file /goform/GstDhcpSetSer function, which may...

CVSS 9, AI score 7.7, EPSS 0.00056
Exploits: 0, References: 1

EUVD
added 2026/04/19 9:30 a.m., 1 views

EUVD-2026-23684

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function EditBasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed public...

CVSS 9, AI score 7.8, EPSS 0.00053
Exploits: 0, References: 5

Tenable Nessus
added 2026/04/18 12:0 a.m., 2 views

SUSE SLES12 Security Update : libcap (SUSE-SU-2026:1433-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1433-1 advisory. This update for libcap fixes the following issue: - CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file bsc1261809. Tenable has...

CVSS 7, AI score 5.8, EPSS 0.00013
Exploits: 1, References: 4

OSV
added 2026/04/17 5:46 p.m., 4 views

CLSA-2026-1776424888 libpng15: Fix of CVE-2026-33416

CVE-2026-33416: fix use-after-free in png_set_tRNS and png_set_PLTE due to aliased heap buffers...

CVSS 7.5, AI score 6.1, EPSS 0.00026
Exploits: 1, References: 1

OSV
added 2026/04/17 10:50 a.m., 4 views

CLSA-2026-1776422998 libpng15: Fix of CVE-2026-33416

CVE-2026-33416: fix use-after-free in png_set_tRNS and png_set_PLTE due to aliased heap buffers...

CVSS 7.5, AI score 6.1, EPSS 0.00026
Exploits: 1, References: 1