PT-2026-34387

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the s390 architecture where the r12 register is not properly cleared during kernel entry. Previously, entry handlers loaded r12 with the current task pointer for use b...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013587 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013774)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013774 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix kernel NULL pointer dereference error When rxequeueinit in the function rxeqpinitre...

CVE-2026-40924

CVE-2026-40924 – Tekton Pipelines HTTP Resolver Unbounded Read Leads to DoS . The vulnerability affects Tekton Pipelines where, prior to 1.11.1, the HTTP resolver’s FetchHttpResource calls io.ReadAll on resp.Body with no size limit. A tenant with permission to create TaskRuns or PipelineRuns refe...

GHSA-RX35-6RHX-7858 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

Summary A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but...

CVE-2026-40161

Summary: Tekton Pipelines before 1.10.0, specifically the git resolver in API mode, can exfiltrate system-configured Git tokens when the token parameter is omitted. Affected software: Tekton Pipelines git resolver (API mode), versions 1.0.0–1.10.0. Vulnerability details: In API mode, the resolver...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011185 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013351 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: don't read mapcount for migration entry The syzbot reported the below BUG:...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010970)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010970 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING vub300enablesdioirq works...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011225)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011225 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix kernel NULL pointer dereference error When rxequeueinit in the function rxeqpinitre...

Tekton Pipelines 安全漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. There are security vulnerabilities in versions 1.0.0 to 1.10.0 of Tekton Pipelines. These vulnerabilities stem from the git resolver in API mode, which, when a token parameter is omitted by the user, will send the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006908 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011213 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011095)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011095 advisory. In the Linux kernel, the following vulnerability has been resolved: igb: Fix igbdown hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet...

CVE-2026-40337

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing By Prashanth A N and Mallikarjun Wali · April 20, 2026 PureRAT is an advanced remote access trojan RAT characterized by its complex infection stages. The intrusion sequence is initiated by a malicious .LNK fi...

False Security Confidence in Benign LLM Code Generation

Prior work has demonstrated that functionally correct yet vulnerable outputs arise systematically in threat-oriented settings, where adversarial or implicit channels are used to induce security failures in code agents and automated patching workflows. This note introduces a complementary but...

CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

JLSEC-2026-132

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...