
6009 matches found

OSV
added 2026/04/21 8:26 p.m. | 4 views

GHSA-RX35-6RHX-7858 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

Summary A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but...

CVSS 5.4 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 4

CVE
added 2026/04/21 4:26 p.m. | 10 views

CVE-2026-40161

Summary: Tekton Pipelines before 1.10.0, specifically the git resolver in API mode, can exfiltrate system-configured Git tokens when the token parameter is omitted. Affected software: Tekton Pipelines git resolver (API mode), versions 1.0.0–1.10.0. Vulnerability details: In API mode, the resolver...

CVSS 7.7 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/04/21 12:0 a.m. | 7 views

Tekton Pipelines Security Vulnerability

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. There are security vulnerabilities in versions 1.0.0 to 1.10.0 of Tekton Pipelines. These vulnerabilities stem from the git resolver in API mode, which, when a token parameter is omitted by the user, will send the...

CVSS 7.7 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006908)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006908 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting...

CVSS 5.5 | AI score 6 | EPSS 0.00115
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011185 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring: wait interruptibly for request completions on exit When the ring exits, cleanup is done...

CVSS 5.5 | AI score 5.6 | EPSS 0.00142
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 19 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013351)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013351 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: task_mmu.c: don't read mapcount for migration entry The syzbot reported the below BUG:...

CVSS 5.5 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011095)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011095 advisory. In the Linux kernel, the following vulnerability has been resolved: igb: Fix igb_down hung on surprise removal In a setup where a Thunderbolt hub connects to Ethernet...

CVSS 7.8 | AI score 6.4 | EPSS 0.00155
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011225)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011225 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix kernel NULL pointer dereference error When rxe_queue_init in the function rxe_qp_init_re...

AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010970)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010970 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING vub300_enable_sdio_irq works...

CVSS 5.5 | AI score 5.7 | EPSS 0.00146
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011213 advisory. In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as...

AI score 5.6 | EPSS 0.00167
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/20 7:23 p.m. | 3 views

CVE-2026-40337

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...

CVSS 5.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 1

Trellix
added 2026/04/20 12:0 a.m. | 9 views

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing

By Prashanth A N and Mallikarjun Wali · April 20, 2026. PureRAT is an advanced remote access trojan (RAT) characterized by its complex infection stages. The intrusion sequence is initiated by a malicious .LNK fi...

AI score 6.3
Exploits: 0

Packet Storm News
added 2026/04/18 12:0 a.m. | 6 views

False Security Confidence in Benign LLM Code Generation

Prior work has demonstrated that functionally correct yet vulnerable outputs arise systematically in threat-oriented settings, where adversarial or implicit channels are used to induce security failures in code agents and automated patching workflows. This note introduces a complementary but...

AI score 5.8
Exploits: 0

Vulnrichment
added 2026/04/17 11:51 p.m. | 2 views

CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...

CVSS 5.1 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 3

Cvelist
added 2026/04/17 11:51 p.m. | 35 views

CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...

CVSS 5.1 | EPSS 0.00155
Exploits: 0 | References: 3

OSV
added 2026/04/17 3:19 p.m. | 3 views

JLSEC-2026-132

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

CVSS 5.5 | AI score 6 | EPSS 0.01772
Exploits: 1 | References: 26

Tenable Nessus
added 2026/04/17 12:0 a.m. | 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007363)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007363 advisory. In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in start_task start_task calls create_singlethread_workqueu...

CVSS 5.5 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/17 12:0 a.m. | 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007430)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007430 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand can...

CVSS 5.5 | AI score 6.4 | EPSS 0.00213
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/16 11:28 p.m. | 2 views

SUSE CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

CVSS 3.1 | AI score 5.7 | EPSS 0.00221
Exploits: 0 | References: 3

EUVD
added 2026/04/16 8:41 p.m. | 2 views

EUVD-2026-22997

Weblate: Improper access control for pending tasks in API...

CVSS 3.1 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 4