FreeBSD Security Advisory - FreeBSD-SA-26:35.openssl

FreeBSD Security Advisory - Multiple issues have been reported as part of this advisory with different issues affecting different OpenSSL versions and therefore different FreeBSD versions...

PT-2026-48597

These are all security issues fixed in the libzypp-17.38.13-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-48609

These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.23.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10988-1 perl-Protocol-HTTP2-1.130.0-1.1 on GA media

These are all security issues fixed in the perl-Protocol-HTTP2-1.130.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

PT-2026-48114

These are all security issues fixed in the ack-3.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10965-1 ack-3.10.0-1.1 on GA media

These are all security issues fixed in the ack-3.10.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10974-1 python311-pypdf-6.13.0-1.1 on GA media

These are all security issues fixed in the python311-pypdf-6.13.0-1.1 package on the GA media of openSUSE Tumbleweed...

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

CVE-2026-11236

An insufficient policy enforcement flaw was found in the Web Bluetooth component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496427030...

AlmaLinux 9 : kernel (ALSA-2026:21556)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when settin...

PT-2026-47165

Name of the Vulnerable Software and Affected Versions Onedev versions prior to 15.0.6 Description Improper authorization exists in the Pull Request Handler component within the /issues/ file. Specifically, the canAccessIssue function fails to properly validate the issue argument, allowing a remot...

RHEL 9 : flatpak (RHSA-2026:23419)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23419 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

RHEL 8 : openssh (RHSA-2026:22329)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22329 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

RHEL 9 : openssh update (Important) (RHSA-2026:22564)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22564 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

RHEL 9 : firefox (RHSA-2026:22410)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22410 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

EUVD-2026-31862

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known...

CVE-2026-47716

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

CVE-2025-13874

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

CVE-2026-34754

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow an authenticated user to upload attachments to private Issues they are not authorized to access. This issue has been fixed in version 2.28.2...