Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000252)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000252 advisory. kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfsquotaus is used e.g., with Kubernetes, allows attackers to cause a denial of service against...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000313)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000313 advisory. An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfqidleslicetimerbody. Tenable has extracted th...

PT-2026-26143

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram decode slice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value,...

PT-2026-26292

Name of the Vulnerable Software and Affected Versions pgproto3 affected versions not specified Description A flaw exists in pgproto3 where a malicious or compromised PostgreSQL server can send a DataRow message containing a negative field length. This input validation issue can cause a denial of...

PT-2026-26141

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram decode slice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds...

CVE-2018-25155

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user...

CVE-2018-25155 Teradek Slice 7.3.15 Cross-Site Request Forgery via Password Change

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user...

CVE-2018-25155 Teradek Slice 7.3.15 Cross-Site Request Forgery via Password Change

Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user...

CVE-2018-25155

Summary: CVE-2018-25155 affects Teradek Slice 7.3.15 with a cross-site request forgery vulnerability that lets an attacker change the administrator password without proper request validation. An attacker can lure a logged-in user to view a malicious page that auto-submits password-change requests...

Teradek Slice 安全漏洞

Teradek Slice is a rackmount video decoder from Teradek. A security vulnerability exists in Teradek Slice version 7.3.15, which stems from vulnerability to a cross-site request forgery attack that could result in a change of the administrator password...

Teradek-Slice-XSS

No d...

Google Android Permission Obfuscation Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege obfuscation vulnerability that originates from a privilege obfuscation issue in the SettingsSliceProvider.java file, which can be exploited by an...

CVE-2025-48536

In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

Google Android 安全漏洞

Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege obfuscation vulnerability that originates from a privilege obfuscation issue in the SettingsSliceProvider.java file, which can be exploited by an...

GO-2025-4163 NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST in github.com/free5gc/nssf

NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST in github.com/free5gc/nssf...

OSV-2025-955 Use-of-uninitialized-value in decoder_context::construct_reference_picture_lists

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=464323256 Crash type: Use-of-uninitialized-value Crash state: decodercontext::constructreferencepicturelists decodercontext::processslicesegmentheader decodercontext::readsliceNAL...

NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NnssfNSSAIAvailability API...

GHSA-F2HJ-VPP9-6VM2 NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NnssfNSSAIAvailability API...

CVE-2025-60638

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the NnssfNSSAIAvailability API...

Slice-Aware Spoofing Detection in 5G Networks Using Lightweight Machine Learning

The increasing virtualization of fifth generation 5G networks expands the attack surface of the user plane, making spoofing a persistent threat to slice integrity and service reliability. This study presents a slice-aware lightweight machine-learning framework for detecting spoofing attacks withi...