CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

ServiceNow - Cross-Site Scripting

ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...

CVE-2026-7374 affecting package kubevirt for versions less than 1.7.1-6

CVE-2026-7374 affecting package kubevirt for versions less than 1.7.1-6. A patched version of the package is available...

CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-39821 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-39821 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

SUSE-SU-2026:21926-1 Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. - CVE-2026-23274:...

CVE-2026-25681 affecting package prometheus-adapter for versions less than 0.12.0-6

CVE-2026-25681 affecting package prometheus-adapter for versions less than 0.12.0-6. A patched version of the package is available...

CVE-2026-39821 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-39821 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-39821 affecting package cri-tools for versions less than 1.32.0-6

CVE-2026-39821 affecting package cri-tools for versions less than 1.32.0-6. A patched version of the package is available...

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-27136 affecting package cri-tools for versions less than 1.32.0-6

CVE-2026-27136 affecting package cri-tools for versions less than 1.32.0-6. A patched version of the package is available...

CVE-2026-42506 affecting package prometheus-adapter for versions less than 0.12.0-6

CVE-2026-42506 affecting package prometheus-adapter for versions less than 0.12.0-6. A patched version of the package is available...

CVE-2026-42502 affecting package cri-tools for versions less than 1.32.0-6

CVE-2026-42502 affecting package cri-tools for versions less than 1.32.0-6. A patched version of the package is available...

CVE-2026-42502 affecting package prometheus-adapter for versions less than 0.12.0-6

CVE-2026-42502 affecting package prometheus-adapter for versions less than 0.12.0-6. A patched version of the package is available...

CVE-2026-39821 affecting package prometheus-adapter for versions less than 0.12.0-6

CVE-2026-39821 affecting package prometheus-adapter for versions less than 0.12.0-6. A patched version of the package is available...

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...