37045 matches found
OPENSUSE-SU-2026:11136-1 ocaml-4.14.4-1.1 on GA media
These are all security issues fixed in the ocaml-4.14.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11138-1 jupyter-jupyterlab-templates-0.5.3-2.1 on GA media
These are all security issues fixed in the jupyter-jupyterlab-templates-0.5.3-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-10804
A flaw was found in Streamlit, within its Palette Handler component. This vulnerability stems from the use of a weak hashing algorithm. A local attacker could exploit this flaw, though it requires a high level of technical complexity. Successful exploitation may lead to a low impact on the...
CVE-2026-9717
CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...
EUVD-2026-39434
CWE-78 Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts wi...
EUVD-2026-39189
The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'postid' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...
EUVD-2026-39180
shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...
OPENSUSE-SU-2026:11118-1 jackson-databind-2.18.8-1.1 on GA media
These are all security issues fixed in the jackson-databind-2.18.8-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11117-1 giflib-devel-32bit-5.2.2-4.1 on GA media
These are all security issues fixed in the giflib-devel-32bit-5.2.2-4.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:11121-1 corepack24-24.17.0-1.1 on GA media
These are all security issues fixed in the corepack24-24.17.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-12770
A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...
CVE-2025-61025
A flaw was found in virtuoso-opensource. Attackers can exploit this vulnerability by sending specially crafted SQL statements, which can lead to a Denial of Service DoS. This issue impacts the availability of the affected system...
CVE-2026-56762 Hono - Missing Cookie Name Validation in setCookie()
Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...
Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12
Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...
CVE-2026-10521
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...
EUVD-2026-38422
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...
OPENSUSE-SU-2026:11110-1 nodejs26-26.3.1-1.1 on GA media
These are all security issues fixed in the nodejs26-26.3.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2020-8615
This update for xar fixes the following issues: Changes in xar: - Switch to the maintained Apple xar lineage build 503, versioned 1.8.0.0.503: the mackyle 1.6.1 fork this package tracked has been dead since 2012, and Debian, Fedora and Gentoo all moved to Apple's xar apple-oss-distributions/xar...
PT-2020-8614
This update for xar fixes the following issues: Changes in xar: - Switch to the maintained Apple xar lineage build 503, versioned 1.8.0.0.503: the mackyle 1.6.1 fork this package tracked has been dead since 2012, and Debian, Fedora and Gentoo all moved to Apple's xar apple-oss-distributions/xar...
OPENSUSE-SU-2026:11091-1 kubevirt1.8-container-disk-1.8.3-1.1 on GA media
These are all security issues fixed in the kubevirt1.8-container-disk-1.8.3-1.1 package on the GA media of openSUSE Tumbleweed...