SUSE-SU-2026:20179-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396. - CVE-2026-24883: denial of service due to long signature packet length causing parsesignature to return success with sig-data set to a NULL...

SUSE-SU-2026:20195-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396. - CVE-2026-24883: denial of service due to long signature packet length causing parsesignature to return success with sig-data set to a NULL...

EUVD-2025-206538

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page...

PT-2026-5309

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page...

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti = 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements...

Cacti security vulnerabilities

Cacti is a set of open-source network traffic monitoring and analysis tools developed by the Cacti team. This tool retrieves data using SNMPGet, generates graphs with RRDTool for analysis, and provides features for data management and user administration. Cacti versions 1.2.29 and earlier contain...

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

CVE-2026-24741

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

Allocation of Resources Without Limits or Throttling

Overview std/archive/zip is a Go standard library package std/archive/zip Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: archive/zip uses a super-linear file name indexing algorithm that is invoked the first time ...

SUSE CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A denial of service vulnerability exists in Google Go, which stems from the use of a hyperlinear filename indexing algorithm, and can be exploited by an attacker to cause a denial...

CVE-2026-24741

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

CVE-2026-24001

A flaw was found in jsdiff. A specially crafted patch input containing specific line break characters can cause the parsePatch method to enter an infinite loop, leading to uncontrolled memory consumption and a process crash, resulting in a denial of service. The applyPatch method is similarly...

CVE-2026-24486

A flaw was found in Python-Multipart, a tool for parsing multipart form data in Python applications. This vulnerability, known as path traversal, allows a remote attacker to write uploaded files to any location on the server's file system. This exploitation occurs when specific non-default...

DEBIAN-CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

UBUNTU-CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...