CVE-2026-46529
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
EUVD-2026-36109
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...
PT-2026-42169
Name of the Vulnerable Software and Affected Versions: Evince versions prior to 48.2; Atril versions prior to 1.26.3; Atril versions prior to 1.28.4; Xreader versions prior to 3.6.7; Xreader versions prior to 4.6.4. Description: Command injection is possible when processing PDF /GoToR actions due to...
CLEANSTART-2026-UD61879 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-jv3w-x3r3-g6rm applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.3-r0, 1.28.4-r0
Multiple security vulnerabilities affect the istio-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-EJ96468 Security fixes for ghsa-2gh3-rmm4-6rq5, ghsa-394x-vwmw-crm3, ghsa-434x-w66g-qw3r, ghsa-65p9-r9h6-22vj, ghsa-9f94-5g5w-gf6r, ghsa-hfpc-8r3f-gw53, ghsa-pwjx-qhcg-rvj4, ghsa-r6v5-fh4h-64xc, ghsa-vw5v-4f2q-w9xf, ghsa-xwfj-jgwm-7wp5 applied in versions: 1.28.2-r0, 1.28.4-r0, 1.28.4-r1, 1.28.5-r0
Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-UV31684 Security fixes for CVE-2025-15558, CVE-2026-33186, ghsa-p436-gjf2-799p applied in versions: 1.28.4-r0, 1.28.4-r1
Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-58190 affecting package kubernetes for versions less than 1.28.4-25
CVE-2025-58190 affecting package kubernetes for versions less than 1.28.4-25. A patched version of the package is available...
CVE-2025-47911 affecting package kubernetes for versions less than 1.28.4-25
CVE-2025-47911 affecting package kubernetes for versions less than 1.28.4-25. A patched version of the package is available...
CLEANSTART-2026-OJ16660 Security fixes for GHSA-2GH3-RMM4-6RQ5, GHSA-434X-W66G-QW3R, GHSA-R6V5-FH4H-64XC, GHSA-XWFJ-JGWM-7WP5 applied in versions: 1.28.2-r0, 1.28.4-r0
Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
istioctl-1.28.4-1.1 on GA media (moderate)
istioctl-1.28.4-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10220-1. Rating: moderate. Cross-References: CVE-2025-61732, CVE-2025-68121. CVSS scores: CVE-2025-61732 SUSE: 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H; CVE-2025-61732 SUSE: 9.4...
OPENSUSE-SU-2026:10220-1 istioctl-1.28.4-1.1 on GA media
These are all security issues fixed in the istioctl-1.28.4-1.1 package on the GA media of openSUSE Tumbleweed...
AZL-76944 CVE-2025-47911 affecting package kubernetes for versions less than 1.28.4-25
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
CVE-2025-65637 affecting package kubernetes for versions less than 1.28.4-21
CVE-2025-65637 affecting package kubernetes for versions less than 1.28.4-21. A patched version of the package is available...
CVE-2025-31133 affecting package kubernetes for versions less than 1.28.4-20
CVE-2025-31133 affecting package kubernetes for versions less than 1.28.4-20. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2022-33879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new rege...
AZL-60505 CVE-2025-22872 affecting package kubernetes for versions less than 1.28.4-18
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-57462 CVE-2025-22868 affecting package kubernetes for versions less than 1.28.4-15
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
AZL-57428 CVE-2025-22869 affecting package kubernetes for versions less than 1.28.4-15
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
CVE-2024-54123
Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...
PT-2024-36055
Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.28.4; Backdrop CMS versions 1.29.x prior to 1.29.2. Description: The issue allows for Cross-Site Scripting (XSS) via an SVG document, if the SVG tag is allowed for a text format. This occurs in Backdrop CMS when a...