Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007180)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007180 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal...

CLSA-2026-1776246056 glib2: Fix of 5 CVEs

CVE-2026-1489: fix integer overflow in Unicode case conversion functions - CVE-2026-1484: fix integer overflow in GLib Base64 encoding - CVE-2026-1485: fix buffer underflow in content type treemagic parsing - CVE-2026-0988: fix integer overflow in gbufferedinputstreampeek - CVE-2025-7039: fix...

CLSA-2026-1776257772 ImageMagick: Fix of CVE-2026-32636

CVE-2026-32636: out-of-bounds write of a single zero byte in ConvertUTF16ToUTF8 via NewXMLTree when resizing UTF-8 buffer...

CLSA-2026-1776257247 ImageMagick: Fix of CVE-2026-32636

CVE-2026-32636: out-of-bounds write of a single zero byte in ConvertUTF16ToUTF8 via NewXMLTree when resizing UTF-8 buffer...

Splunk Enterprise 9.3.0 < 9.3.11, 9.4.0 < 9.4.10, 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0401)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0401 advisory. - In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0,...

Atlassian Jira Service Management 5.15.2 < 10.3.18 / 10.4.0 < 11.3.3 (JSDSERVER-16530)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16530 advisory. - node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3...

PT-2026-33064

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.10 Splunk Enterprise versions prior to 9.3.11 Splunk Cloud Platform versions prior to 10.4.2603.0 Splunk Cloud Platfo...

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

PT-2026-32579

Name of the Vulnerable Software and Affected Versions Prometheus versions 3.0 through 3.5.1 Prometheus versions 3.6.0 through 3.11.1 Description Stored cross-site scripting exists in multiple components of the Prometheus web UI, specifically within the Mantine UI and the old React UI. The issue...

SonicWall SMA 1000 Series <= 12.4.3-03245 / 12.5.x <= 12.5.0-02283 Multiple Vulnerabilities (SNWLID-2026-0003)

The remote host is a SonicWall SMA 1000 Series device that is affected by multiple vulnerabilities: - A privilege escalation vulnerability due to improper neutralization of special elements used in an SQL command. A remote authenticated attacker with read-only administrator privileges can escalat...

EUVD-2026-20990

Wasmtime: Panic when transcoding misaligned utf-16 strings...

EUVD-2026-20988

Wasmtime: Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding...

CVE-2026-35583

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...

CVE-2026-34941

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds chec...

CVE-2026-34941 Wasmtime has a Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability where when transcoding a UTF-16 string to the latin1+utf16 component-model encoding it would incorrectly validate the byte length of the input string when performing a bounds chec...

EUVD-2026-20908

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

EUVD-2026-20906

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

CVE-2026-4114

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication...