Security update for postgresql14

This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

Security update for postgresql14

This update for postgresql14 fixes the following issues Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against malicious time zone names...

OpenTelemetry Collector Contrib 信任管理问题漏洞

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...

Security update for postgresql15

This update for postgresql15 fixes the following issues Update to version 15.18. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

SUSE SLES12 Security Update : postgresql18 (SUSE-SU-2026:1946-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1946-1 advisory. This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2652 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698136...

OpenTelemetry Collector Contrib 安全漏洞

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed under OpenTelemetry - CNCF. There are security vulnerabilities in versions 0.124.0 to 0.150.0 of OpenTelemetry Collector Contrib. These vulnerabilities stem from the Authenticate method not...

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Versions 1.8.0 to 1.15.2 of OpenTelemetry .NET Contrib contain security vulnerabilities. These vulnerabilities stem from the OTLP disk retry feature being reverted to a...

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry .NET Contrib prior to 1.15.0 contain security vulnerabilities. These vulnerabilities stem from the HttpJsonPostTransport class, which allows...

OpenTelemetry .NET Contrib 安全漏洞

OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Previous versions of OpenTelemetry .NET Contrib, such as 0.1.0-alpha.8, contained security vulnerabilities. These vulnerabilities stemmed from reading HTTP response...

Malicious Package

Overview node-red-contrib-yolo-object-detection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

CLEANSTART-2026-LD15132 Security fixes for CVE-2020-8912, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-6g7g-w4f8-9c9x, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 0.142.0-r0, 0.144.0-r0, 0.144.0-r1, 0.144.0-r2, 0.144.0-r3

Multiple security vulnerabilities affect the opentelemetry-collector-contrib-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-32285 vulnerabilities

Vulnerabilities for packages: nfpm, lazygit, cri-tools, loki, grafana-alloy, dagger, dgraph, terraform-mcp-server, minio, rclone, terragrunt, eksctl, k3s, weaviate, k8sgpt, mcp-grafana, ollama, opentelemetry-collector, prometheus, datadog-agent, tempo, redpanda, maru, grafana, malcontent, nuclei,...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +24 more potentially affected by CVE-2025-15381 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =3.0.0, =3.11.0rc0 and more Source cves: CVE-2025-15381 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15870197...

ROS-20260327-73-0014

Vulnerability in opentelemetry-collector-contrib related to incorrect resource initialization. Exploitation of the vulnerability may allow an attacker to cause a denial of service...

ROS-20260327-73-0013

Vulnerability in opentelemetry-collector-contrib related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...

CVE-2026-4738

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0...

AZL-79520 CVE-2026-3713 affecting package libpng15 1.5.30-15

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...