CVE-2026-5774 Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map

Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token...

CVE-2026-5774

CVE-2026-5774 affects Canonical Juju API server components, where improper synchronization of the userTokens map in Juju 4.0.5, 3.6.20, and 2.9.56 can enable an authenticated user to cause a denial of service or potentially replay a single-use discharge token. Root cause: unsynchronized token map...

SUSE-SU-2026:21216-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxyverf bsc1256780. - CVE-2026-22999: net/sched: schqfq: do not fre...

SUSE-SU-2026:1244-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

PT-2026-31910

Name of the Vulnerable Software and Affected Versions Canonical Juju versions 2.9.56, 3.6.20, and 4.0.5 Description Improper synchronization within the userTokens map in the API server of Canonical Juju may allow an authenticated user to cause a denial of service on the server or potentially reus...

openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...

WordPress Extensions for Leaflet Map plugin <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability discovered by zaim in WordPress Plugin Extensions for Leaflet Map versions = 4.14...

EUVD-2023-60554

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

CVE-2023-54361

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

CVE-2023-54361

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

CVE-2023-54361 Joomla iProperty Real Estate 4.1.1 Reflected XSS via filter_keyword

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

CVE-2023-54361

Joomla iProperty Real Estate 4.1.1 is affected by a reflected XSS in the filter_keyword parameter of the all-properties-with-map endpoint. The vulnerability allows an attacker to inject JavaScript payloads via a crafted URL, potentially executing code in a victim’s browser and compromising sessio...

CVE-2023-54361 Joomla iProperty Real Estate 4.1.1 Reflected XSS via filter_keyword

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

CVE-2026-39646

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through = 3.4.4...

Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689...

SUSE-SU-2026:1236-1 Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

SUSE-SU-2026:21060-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

SUSE-SU-2026:21090-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

SUSE-SU-2026:21058-1 Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

SUSE-SU-2026:21056-1 Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...