Linux Distros Unpatched Vulnerability : CVE-2026-43461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in amlsfcdmabuffersetu...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper setting or clearing of CR8 write interception when AVIC is activated. This vulnerability...

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

OPENSUSE-SU-2026:10769-1 flux2-cli-2.8.7-1.1 on GA media

These are all security issues fixed in the flux2-cli-2.8.7-1.1 package on the GA media of openSUSE Tumbleweed...

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics dashboard chart rendering impacts GitLab EE Cross-site Scripting issue in global search impacts GitLab CE/EE Cross-site Scripting issue in Duo Agent output rendering impacts GitLab EE Cross-site Scripting issue in Analytics Dashboard impacts...

CVE-2026-44246 nnU-Net: Agentic workflow injection in `.github/workflows/issue-triage.yml` of `MIC-DKFZ/nnUNet`

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

CVE-2026-44246

The CVE concerns nnU-Net (MIC-DKFZ/nnUNet) before version 2.4.1. The issue lies in the nnU-Net Issue Triage workflow at .github/workflows/issue-triage.yml, which sets allowed_non_write_users: ${{ github.event.issue.user.login }}. This allows any logged-in GitHub user opening an issue to reach an ...

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

May 2026's Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for May 2026 This...

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44292 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44292 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643320...

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

SUSE-SU-2026:21607-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.2 ESR bsc1264378,MFSA 2026-41: - CVE-2026-8090: Use-after-free in the DOM: Networking component. - CVE-2026-8091: Incorrect boundary conditions in the Audio/Video: Playback component. -...

SUSE-SU-2026:21627-1 Security update for openssh

This update for openssh fixes the following issues...

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1 (AXSA:2026-610:09)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-610:09 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

OPENSUSE-SU-2026:10753-1 cosign-3.0.6-1.1 on GA media

These are all security issues fixed in the cosign-3.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

Apache Tomcat 安全漏洞

Apache Tomcat is a lightweight Web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Security vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, and from...

OPENSUSE-SU-2026:10752-1 OpenImageIO-3.1.13.1-2.1 on GA media

These are all security issues fixed in the OpenImageIO-3.1.13.1-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10763-1 regclient-0.11.4-1.1 on GA media

These are all security issues fixed in the regclient-0.11.4-1.1 package on the GA media of openSUSE Tumbleweed...

May 12, 2026-KB5087077 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later

May 12, 2026-KB5087077 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 build 28000 and later Release Date: May 12, 2026 Version: .NET Framework 3.5 The May 12, 2026 update installs the complete .NET Framework 3.5 product for Windows 11, version 26H1 build version 28000 and...

Fedora 45 : proftpd (2026-c8173d7dcd)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c8173d7dcd advisory. Automatic update for proftpd-1.3.9a-2.fc45. Changelog Mon May 11 2026 Paul Howarth - 1.3.9a-2 - Additional escaping for avoidance of SQL injection...

OPENSUSE-SU-2026:10762-1 rclone-1.74.1-1.1 on GA media

These are all security issues fixed in the rclone-1.74.1-1.1 package on the GA media of openSUSE Tumbleweed...