21 matches found
traefik-3.6.10-1.1 on GA media (moderate)
traefik-3.6.10-1.1 on GA media Announcement ID: openSUSE-SU-2026:10323-1 Rating: moderate Cross-References: CVE-2026-26998 CVE-2026-26999 CVE-2026-29054 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all security issues...
CVE-2026-26998
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When Traefik is configured to use the ForwardAuth middleware, it reads the authentication server's response body into memory without a size limit. A malicious or misconfigured authentication server could send an excessively lar...
CVE-2026-26998 Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service (DoS)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...
CVE-2026-26998
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-04 13:09:56+00:00 | published-proof-of-concept | https://github.com/traefik/traefik/security/advisories/GHSA-fw45-f5q2-2p4x |
| 2026-03-05 14:20:14+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mgcyldb6z52q |

...
CVE-2024-26998
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-07 20:54:51+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m2mz5oqecs2y |
| 2025-11-12 12:06:41+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m5gmgcuomc27 |
| 2025-11-24 12:41:32+00:00 | seen | ... |
CVE-2023-26998
Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page...
CVE-2022-26998
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wpsenroleepin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2021-26998
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed...
CVE-2020-26998
A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...
CVE-2025-26998
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS. This issue affects SKT Blocks: from n/a through <= 1.8...
CVE-2025-26998 WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks skt-blocks allows Stored XSS. This issue affects SKT Blocks: from n/a through <= 1.8...
WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim (Patchstack Alliance) in WordPress Plugin SKT Blocks (versions <= 1.8)...
CVE-2023-26998
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-09 03:26:08+00:00 | seen | https://t.me/ctinow/164768 |
| 2024-01-26 07:36:52+00:00 | seen | https://t.me/ctinow/174027 |

...
CVE-2023-26998
CVE-2023-26998 affects NetScout nGeniusOne 6.3.4. The vulnerability is a Cross Site Scripting issue in the Alert Configuration page, exploitable via the creator parameter, enabling a remote attacker to execute arbitrary code. Root cause relates to unsanitized input in the creator field. No offici...
Arris Routers Command Injection (CVE-2022-26990; CVE-2022-26991; CVE-2022-26992; CVE-2022-26993; CVE-2022-26994; CVE-2022-26995; CVE-2022-26996; CVE-2022-26997; CVE-2022-26998; CVE-2022-26999; CVE-2022-27000; CVE-2022-27001; CVE-2022-27002)
A command injection vulnerability exists in Arris Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2021-26998
CVE-2021-26998 affects NetApp Cloud Manager prior to 3.9.9, where a flaw allows sensitive information in logs to be exposed to authenticated users. Public sources consistently identify the affected product and version range and confirm the impact as information disclosure. Remediation per the doc...
ICSA-21-040-06_Siemens JT2Go and Teamcenter Visualization (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Stack-based Buffer overflow, Out-of-Bounds Write, Type...