JLSEC-2026-132

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

CLSA-2026-1776421961 libwebp: Fix of 2 CVEs

CVE-2018-25013, CVE-2018-25014: wait for all threads to be done in DecodeRemaining, make sure partition 0 is read before VP8 data...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010670 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap useafterfree when on...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007316 advisory. In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007607 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007430)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007430 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: use sig-statslock to gather the threads/children stats locktasksighand can...

[SECURITY] Fedora 44 Update: kf6-threadweaver-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon for advanced thread management...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007191)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007191 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap useafterfree when on...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007209 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by...

EUVD-2026-22937

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

CVE-2026-30364

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

CVE-2026-30364

CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function...

CentSDR 安全漏洞

CentSDR is a handheld software-defined radio receiver open-sourced by ttfrftech. There is a security vulnerability in CentSDR, which stems from a stack overflow issue in the Thread1 function...

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

EUVD-2026-22249

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

EUVD-2026-22248

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

CVE-2026-2450

CVE-2026-2450 concerns a .NET misconfiguration in upKeeper Solutions’ upKeeper Instant Privilege Access, enabling impersonation that hijacks a Privileged Thread of Execution. Affected product: upKeeper Instant Privilege Access up to version 1.5.0. The CVSS 4.0 vector indicates NETWORK attack vect...

CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...