Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010803 advisory. In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010842)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010842 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: ti: dra7-atl: Fix reference leak in ofdra7atlclkprobe pmruntimegetsync will increment pm usa...

VulnCheck KEV: CVE-2025-2749

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

Kentico Xperience Path Traversal Vulnerability

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations...

PT-2026-46940

Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A use-after-free flaw exists in the FreeCounter function. This occurs when a client establishes multiple SyncCounters and awaits their triggers...

PT-2026-46941

Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description A use-after-free flaw exists in the SyncChangeCounter function. A client that establishes multiple SyncCounters can trigger this condition by...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007417)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007417 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue During the detaching of Marvell's SAS/SATA...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007572)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007572 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancelworksync before module remove If we remove the module which will call...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007225)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007225 advisory. In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007316 advisory. In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007495)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007495 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fssyncinodemeta syzbot reported an UAF issue as below: 1 2 1...

GHSA-JP74-MFRX-3QVH Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Summary A critical SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through sync parameters. This can lead to full database exfiltration, including admin password hashes and...

Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)

Summary A critical SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through sync parameters. This can lead to full database exfiltration, including admin password hashes and...

@bechara/crux (>=6.0.0 <=6.6.2), @cappa/cli (>=0.1.0 <=0.8.2) +11 more potentially affected by CVE-2026-6270 via @fastify/middie (>=9.0.2 <=9.3.1)

@fastify/middie NPM version =9.0.2, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.11, =0.1.51, =1.0.36, =11.0.0, =1.3.0, =5.0.0, =0.6.1-dev, =1.1.48 Source cves: CVE-2026-6270 Source advisory: SNYK:JS-FASTIFYMIDDIE-16098213...

Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)

Azure File Sync Agent v22.3 Release – April 2026 KB5087090...

Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)

Azure File Sync Agent v22.3 Release – April 2026 KB5087090...

Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)

Azure File Sync Agent v22.3 Release – April 2026 KB5087090...

Azure File Sync Agent v22.3 Release – April 2026 (KB5087090)

Azure File Sync Agent v22.3 Release – April 2026 KB5087090...

SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2026:1330-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1330-1 advisory. - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Rea...

Timing Attack

Overview @sync-in/server is a The secure, open-source platform for file storage, sharing, collaboration, and syncing Affected versions of this package are vulnerable to Timing Attack via the login process. An attacker can obtain valid usernames by measuring differences in response times from the...