Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006726)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006726 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedu...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006782)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006782 advisory. In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task The original code uses cancel_delayed_work in...
WordPress plugin MIPL WC Multisite Sync Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
[SECURITY] Fedora 43 Update: calibre-9.6.0-1.fc43
Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily an ebook cataloging program. It manages your ebook collection for you. It is designed around the...
SUSE CVE-2026-23465
In the Linux kernel, the following vulnerability has been resolved: btrfs: log new dentries when logging parent dir of a conflicting inode If we log the parent directory of a conflicting inode, we are not logging the new dentries of the directory, so when we finish we have the parent directory's...
CVE-2026-23465
CVE-2026-23465 affects the Linux kernel (btrfs) where logging the parent directory of a no-longer-existing conflicting inode could skip logging the directory’s new dentries, causing missing dentries after a power loss when an fsync occurs. The issue is resolved by logging new dir dentries wheneve...
CVE-2026-23459 ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS
In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which call iptunnel_xmit_stats(). iptunnel_xmit_stats() was assuming tunnels were only using NETDEV_PCPU_STAT_TSTATS...
CVE-2026-23459
The CVE-2026-23459 issue affects the Linux kernel IP tunnel code, specifically iptunnel_xmit_stats(). The bug arose because the function assumed tunnels used NETDEV_PCPU_STAT_TSTATS, while vxlan/geneve tunnels call udp_tunnel[6]_xmit_skb() and read NETDEV_PCPU_STAT_DSTATS, creating potential data...
OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
Summary OpenShell Mirror Sync: Sandbox Escape via Unrestricted File Sync + Symlink Traversal Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still has the mirror-boundary bug because shipped c02ee8 only excluded hooks while unreleased 3b9dab is the...
GHSA-CWF8-44X6-32C2 OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal
Summary OpenShell Mirror Sync: Sandbox Escape via Unrestricted File Sync + Symlink Traversal Current Maintainer Triage - Status: narrow - Normalized severity: high - Assessment: v2026.3.28 still has the mirror-boundary bug because shipped c02ee8 only excluded hooks while unreleased 3b9dab is the...
Arbitrary File Upload
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Arbitrary File Upload via the Mirror Sync process. An attacker can escape the intended sandbox and gain unauthorized access to files outside the designated directory by exploiting...
Malicious Package
Overview strapi-plugin-content-sync is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...
Malicious Package
Overview strapi-plugin-sync is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...
Moderate: rsync security update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3211 (ALAS-2026-3211)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3211 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...
FreeRDP Security Vulnerability
FreeRDP is an open source Remote Desktop Protocol (RDP) implementation library and client. FreeRDP suffers from a heap buffer overflow vulnerability. The vulnerability arises from an out-of-bounds heap memory write caused by a bmpSize synchronization error in the persistent cache. An attacker can...
CVE-2026-28503
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.query_synced_folder() action in cookbook/views/api.py line 903 fetches a Sync object using get_object_or_404(Sync, pk=pk) without including space=request.space i...
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...