SUSE-SU-2026:21543-1 Security update for java-25-openjdk

This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.3+9 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...

CVE-2026-22019

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise H...

CVE-2026-21989

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

PT-2026-3688

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists within the Portal component of Oracle PeopleSoft Enterprise PeopleTools that allows an unauthenticated attacker with network access via HTTP to compromise the system...

PT-2026-3677

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11 Description An issue exists within the Driver component of Oracle Solaris that could allow a high-privileged attacker with access to the system to compromise the operating system. Successful exploitation requires...

CVE-2020-10096

An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The...

CVE-2025-53053

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

EUVD-2017-1726

Malware in sbrugna...

EUVD-2017-1704

Malware in sbrugna...

EUVD-2021-21444

Malware in sbrugna...

EUVD-2018-14844

Malware in sbrugna...

EUVD-2017-1883

Malware in sbrugna...

EUVD-2022-35899

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-14876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1 -...

CVE-2025-27707

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for IntelR TiberTM Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access...

CVE-2025-4855

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sbencryption function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization...

CVE-2025-3648

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...

Medium: mariadb1011

Issue Overview: Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols ...

FreeBSD : MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage (77dc1fc4-5bc5-11f0-834f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 77dc1fc4-5bc5-11f0-834f-b42e991fc52e advisory. [email protected] reports: An unauthorized user may leverage a specially crafted aggregation pipeline to...

CVE-2025-49419 WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3...