3355 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005642)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005642 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection. NOPIN response timer may expire on a delet...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005401)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005401 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection. NOPIN response timer may expire on a delet...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005600)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005600 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts. Hyper-V provides the ability to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005460)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005460 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts. Hyper-V provides the ability to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005570)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005570 advisory. In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during suspend mode. During noirq suspend phase the Raspberry Pi pow...
Veeam Agent for Microsoft Windows Service Fails to Start After Upgrading .NET Components
Challenge: After upgrading .NET components on a machine where Veeam Agent for Microsoft Windows is installed, the "Veeam Agent for Microsoft Windows" service fails to start. Windows could not start the Veeam Agent for Microsoft Windows service on Local Computer. Error 1053: The service did not...
`melange update-cache` has unbounded HTTP download that can exhaust disk in CI
melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache.go). An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runner. Affected versions = 0.40.5. Fix: Merge...
CVE-2026-27630
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...
CVE-2026-25476
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skip_timeout_reset is not present in the request. When skip_timeout_reset=1 is sent, the entire block th...
EUVD-2026-8764
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...
CVE-2026-27630
CVE-2026-27630 affects TinyWeb (Delphi, Win32) prior to version 2.02. The vulnerability is a Denial of Service via Slowloris: the server spawns an OS thread per incoming connection without concurrency limits or proper request timeouts, allowing an unauthenticated attacker to exhaust threads and m...
CVE-2026-27630 TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...
CVE-2026-25476
OpenEMR prior to version 8.0.0 is affected by a session timeout bypass vulnerability in library/auth.inc.php. When skip_timeout_reset=1 is present in a request, the code block that calls SessionTracker::isSessionExpired() and enforces logout on timeout is skipped, allowing expired sessions to con...
EUVD-2026-8706
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skip_timeout_reset is not present in the request. When skip_timeout_reset=1 is sent, the entire block th...
CVE-2026-25476 OpenEMR has Session Timeout Bypass via skip_timeout_reset
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skip_timeout_reset is not present in the request. When skip_timeout_reset=1 is sent, the entire block th...
kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue. When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID 0xFFFF, s...