SUSE-SU-2026:2354-1 Security update for wicked

This update for wicked fixes the following issues: - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221...

CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the processajaxrestoreaction function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and...

PT-2026-24584

🚨 CVE-2026-1753 The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could allow contributors and above role to update arbitrary boolean and array options such as users can register. 🎖@cveNotify...

EUVD-2026-9826

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Strategy sync, HTTP API client, config options engine modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

PT-2026-23457

Name of the Vulnerable Software and Affected Versions RustDesk Client versions through 1.4.5 Description A flaw exists in RustDesk Client on Windows, MacOS, Linux, iOS, Android, and WebClient that allows manipulation of Application API Messages through a Man-in-the-Middle attack. The issue is...

EUVD-2026-5575

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

CVE-2025-68258 comedi: multiq3: sanitize config options in multiq3_attach()

In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3attach Syzbot identified an issue 1 in multiq3attach that induces a task timeout due to open or COMEDIDEVCONFIG ioctl operations, specifically, in the case of multiq3 driver. Thi...

Security update for krb5

This update for krb5 fixes the following issues: CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 bsc1241219. Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current...

CVE-2025-41039

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigadminlandingpage', 'datasconfigcurrency', 'datasconfigdbversion', 'datasconfigdefaultpagination',...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the datasconfigadminlandingpage, datasconfigcurrency, datasconfigdbversion, datasconfigdefaultpagination, datasconfigemailsetupfromemail, datasconfigemailsetuphost,...

PT-2025-35910

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied input. The vulnerability is present in the following parameters within the...

Fedora 41 : screen (2025-653690f2f7)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-653690f2f7 advisory. Update default config options for build. ---- New upstream release 5.0.1 Tenable has extracted the preceding description block directly from the...

Fedora 42 : screen (2025-f055a0d751)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f055a0d751 advisory. Update default config options for build. ---- New upstream release 5.0.1 Tenable has extracted the preceding description block directly from the...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIGPROCFS enabled. When testing a special configuration: CONFIGNETFSSUPPORTS=y CONFIGPROCFS=n The system crashes with something like: 3.766197 ------------ Cut here ------------ 3.766484...

SUSE-SU-2025:20395-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087: Fixed Integer Overflow in SQLite concat Function bsc1241020 CVE-2025-29088: Fixed integer overflow through the SQLITEDBCONFIGLOOKASIDE component...

SUSE-SU-2025:20323-1 Security update for sqlite3

This update for sqlite3 fixes the following issues: - Update to release 3.49.1: Improve portability of makefiles and configure scripts. CVE-2025-29087, bsc1241020: Fix a bug in the concatws function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very...

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

Neurax - A Framework For Constructing Self-Spreading Binaries

A framework that aids in creation of self-spreading software Requirements go get -u github.com/redcode-labs/Coldfire go get -u github.com/yelinaung/go-haikunator New in v. 2.0 New wordlist mutators + common passwords by country Improvised passive scanning .FastScan option that makes active scans ...

logrotten 3.15.1 - Privilege Escalation

logrotten 3.15.1 - Privilege Escalation Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all version...

CVE-2019-16925

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...