7912 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000661 advisory. In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash function. There are CQSPI_MAX_CHIPSELECT elements...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002528)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002528 advisory. Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecifie...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002739)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002739 advisory. The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp that allows an attacker controlling a CIFS...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002575)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002575 advisory. Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory b...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002195)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002195 advisory. Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execu...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002024)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002024 advisory. Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or...
CVE-2025-71064
In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp is allocated using kinfo->num_tqps. However, kinfo->num_tqps is set to min(new_tqps, hdev->num_tqps);...
CVE-2025-71138
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add missing NULL pointer check for pingpong interface It is checked almost always in dpu_encoder_phys_wb_setup_ctl, but in a single place the check is missing. Also use convenient locals instead of phys_enc-> where availabl...
CVE-2025-71130
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Initialize the eb.vma array with values of 0 when the eb structure is first set up. In particular, this sets the eb->vma[i].vma pointers to NULL, simplifying...
CVE-2025-71115
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in check_kcov_mode...
CVE-2025-71115
CVE-2025-71115 pertains to the Linux kernel where cpu_tasks[] is not initialized early enough, causing a NULL current in certain init paths (notably with KCOV enabled) and potential crashes. The available connected docs confirm the vulnerability arises from initializing cpu_tasks[] in uml_finishs...
Malicious code in transitive-req (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d7b45680b49152176403af486a0af997c20d1eaa8179a69b8e5c3ee65a41e35a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-250 Malicious code in transitive-req (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d7b45680b49152176403af486a0af997c20d1eaa8179a69b8e5c3ee65a41e35a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
kernel: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size...
WordPress plugin DASHBOARD BUILDER – WordPress plugin for Charts and Graphs Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000621)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000621 advisory. Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory b...
CVE-2025-14579
The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2025-68784
In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...