Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007427)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007427 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: fbpm2fb: Avoid potential divide by zero error In dofbioctl of fbmem.c, if cmd is...

Linux Distros Unpatched Vulnerability : CVE-2026-34232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007386)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007386 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fsmoveinlinedirents When converting an inline directory to a...

PT-2026-33484

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl desc function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later used to calculate the number of slice items, causin...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007219)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007219 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that th...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007422)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007422 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007459)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007459 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: i740fb: Check the argument of i740calcvclk Since the user can control the argument...

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

PT-2026-33406

Name of the Vulnerable Software and Affected Versions Vault Community Edition versions prior to 2.0.0 Vault Enterprise versions prior to 2.0.0 Description An unauthenticated attacker can cause a denial-of-service condition by repeatedly initiating or canceling root token generation or rekey...

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, which include multiple ANSI SQL-92 functions. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the assumption...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007573 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCPUSERTIMEOUT, and the other pee...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007597)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007597 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is...

HashiCorp Vault和HashiCorp Vault Enterprise 安全漏洞

HashiCorp Vault and HashiCorp Vault Enterprise are products developed by HashiCorp, a company based in the United States. HashiCorp Vault is a private key access management tool. HashiCorp Vault Enterprise is an enterprise information archiving platform. There were security vulnerabilities in...

HashiCorp Vault 安全漏洞

HashiCorp Vault is a private key access management tool developed by the American company HashiCorp. Versions of HashiCorp Vault prior to 2.0.0, as well as versions prior to 1.21.5, 1.20.10, and 1.19.16, contain security vulnerabilities. These vulnerabilities stem from Vault’s practice of...

PT-2026-33532

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

PT-2026-33414

Name of the Vulnerable Software and Affected Versions Unlimited Elements for Elementor versions prior to 2.0.7 Description An arbitrary file read issue exists due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the ability to enable debug...

BIT-DJANGO-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

Paperclip: OS Command Injection via Execution Workspace cleanupCommand

| Field | Value | |-------|-------| | Affected Software | Paperclip AI v2026.403.0 | | Affected Component | Execution Workspace lifecycle workspace-runtime.ts | | Affected Endpoint | PATCH /api/execution-workspaces/:id | | Deployment Modes | All — localtrusted zero auth, authenticated any company...

GHSA-VR7G-88FQ-VHQ3 Paperclip: OS Command Injection via Execution Workspace cleanupCommand

| Field | Value | |-------|-------| | Affected Software | Paperclip AI v2026.403.0 | | Affected Component | Execution Workspace lifecycle workspace-runtime.ts | | Affected Endpoint | PATCH /api/execution-workspaces/:id | | Deployment Modes | All — localtrusted zero auth, authenticated any company...

[slackware-security] libxml2

New libxml2 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.11.9-i586-9slack15.0.txz: Rebuilt. This update fixes security issues: entities: copy children in xmlCopyEntity. c14n: Fix...