71 matches found
Important: Red Hat Security Advisory: Red Hat Offline Knowledge Portal security and content update
Red Hat Offline Knowledge Portal security fixes, bug fixes, enhancements & content update. This Red Hat Offline Knowledge Portal release upgrades from Solr 9.8.1 to Solr 10.0.0, and fixes several CVEs. It also includes content updates as of May 26 2026...
CVE-2026-32693
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...
CVE-2026-23632 Gogs user can update repository content with read-only permission
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/" does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile,...
PT-2026-6756
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.4. Description: Gogs, a self-hosted Git service, has an issue where the API endpoint "PUT /repos/:owner/:repo/contents/" does not enforce write permissions correctly. It allows modification of repository contents...
podman security update
5.6.0-9.0.1 - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 6:5.6.0-9 - update to the latest content of...
EUVD-2024-54143
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat Offline Knowledge Portal update
Red Hat Offline Knowledge Portal update. This is an update for the Red Hat Offline Knowledge Portal that updates the content as of 25 Sep 2025. It also contains a mitigation for CVE-2025-5115, as well as a small fix for the CVE and Errata search applications that adds a trailing slash to search resu...
podman security update
5.2.2-15.0.1 - podman: do not set rlimits to the default value Orabug: 37310981 - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 4:5.2.2-15 - update ...
CVE-2024-12114
The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogalleryattachmentmodalsave AJAX action due to missing validation on a user controll...
Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike
On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike...
CVE-2024-3915 Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update
The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sfeditdirectoryitem function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with...
WordPress Swift Framework plugin <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update vulnerability
Missing Authorization to Unauthenticated Arbitrary Content Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Swift Framework versions <= 2.7.31...
WordPress ACF Front End Editor plugin <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update vulnerability discovered by Francesco Carlucci in WordPress Plugin ACF Front End Editor versions <= 2.0.2...
WordPress ACF On-The-Go plugin <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update vulnerability discovered by Francesco Carlucci in WordPress Plugin ACF On-The-Go versions <= 1.0.1...
March 26, 2024—KB5035942 (OS Builds 22621.3374 and 22631.3374) Preview
March 26, 2024—KB5035942 (OS Builds 22621.3374 and 22631.3374) Preview. 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2. The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session...
Website Builder by SeedProd < 6.15.22 - Unauthenticated Plugin Page Content Update
Description: The plugin does not have authorisation in its seedprodlitenewlpage function, allowing unauthenticated attackers to update the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin to a blank state. PoC: As unauthenticated, open the following URL to put t...
Website Builder by SeedProd < 6.15.22 - Unauthenticated Plugin Page Content Update
Description: The plugin does not have authorisation in its seedprodlitenewlpage function, allowing unauthenticated attackers to update the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin to a blank state. As unauthenticated, open the following URL to put the...
Impact of libwebp Vulnerability CVE-2023-4863
The Palo Alto Networks Product Security Assurance team has evaluated the recently disclosed critical libwebp vulnerability CVE-2023-4863 as it relates to our products. While PAN-OS 10.2 and later versions include this library, PAN-OS software does not offer any scenarios required for the successf...
PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. Work around:...
podman security and bug fix update
4.4.1-3.0.1 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 2:4.4.1-3 - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel https://github.com/containers/podman/commit/e1703bb - Related: 2124478 2:4.4.1-2 - update to the latest...