
54368 matches found

OSV
added 2026/04/07 12:0 a.m. | 2 views

ALSA-2026:6906 Important: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

CVSS 8.8 | AI score 6.1 | EPSS 0.00064
Exploits: 0 | References: 10

Positive Technologies
added 2026/04/07 12:0 a.m. | 1 view

PT-2026-30849

Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module...

AI score 6.5 | EPSS 0.00142
Exploits: 1 | References: 5

CVE
added 2026/04/07 12:0 a.m. | 7 views

CVE-2026-30460

CVE-2026-30460 affects Daylight Studio FuelCMS v1.5.2, with an authenticated remote code execution (RCE) vulnerability in the Blocks module. The description across Red Hat, ENISA EUVD, NVD, CVE Lists, and other connected feeds consistently identifies an authenticated RCE in the Blocks component. ...

CVSS 8.8 | AI score 6.5 | EPSS 0.00142
Exploits: 1 | References: 4 | Affected Software: 1

Oracle Linux
added 2026/04/07 12:0 a.m. | 4 views

kernel security update

6.12.0-124.49.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

CVSS 8.8 | AI score 6 | EPSS 0.00067
Exploits: 0

Tenable Nessus
added 2026/04/07 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse. bond_header_parse can loop if a...

CVSS 7.5 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/07 12:0 a.m. | 20 views

RHEL 9 : nginx:1.24 (RHSA-2026:6923)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6923 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

CVSS 8.8 | AI score 6.3 | EPSS 0.00064
Exploits: 0 | References: 10

OSV
added 2026/04/07 12:0 a.m. | 4 views

ALSA-2026:6923 Important: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

CVSS 8.8 | AI score 6.1 | EPSS 0.00064
Exploits: 0 | References: 10

Oracle Linux
added 2026/04/07 12:0 a.m. | 4 views

nginx security update

2:1.26.3-2.0.1.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 2:1.26.3-6 - Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via...

CVSS 8.8 | AI score 7.6 | EPSS 0.00064
Exploits: 0

CNNVD
added 2026/04/07 12:0 a.m. | 4 views

FUEL CMS security vulnerability

FUEL CMS is a content management system (CMS) developed by David McReynolds using the CodeIgniter framework. Version 1.2 of FUEL CMS has a security vulnerability, which stems from an issue in the Blocks module where authenticated remote code execution is possible...

CVSS 8.8 | AI score 6.4 | EPSS 0.00142
Exploits: 1 | References: 4

Redos
added 2026/04/07 12:0 a.m. | 1 view

ROS-20260407-73-0002

A vulnerability in the get_pat_info function of the arch/x86/mm/pat/memtype.c module of the x86 platform of the Linux operating system kernel is related to the disclosure of sensitive information. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.5 | EPSS 0.00024
Exploits: 0

CNNVD
added 2026/04/07 12:0 a.m. | 2 views

Erlang/OTP security vulnerability

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. There were security vulnerabilities in versions of Erlang/OTP prior to 28.4.2, 27.3.4.10, and 26.2.5.19. These vulnerabilities stemmed from improper...

CVSS 9.8 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 6

SUSE CVE
added 2026/04/06 11:24 p.m. | 3 views

SUSE CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 3

OSV
added 2026/04/06 9:59 p.m. | 3 views

USN-8152-1 linux-oem-6.17 vulnerabilities

It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causi...

CVSS 9.8 | AI score 7.3 | EPSS 0.00102
Exploits: 2 | References: 188

NVD
added 2026/04/06 8:16 p.m. | 1 view

CVE-2026-35199

SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, the SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...

CVSS 6.1 | EPSS 0.00055
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/06 7:44 p.m. | 4 views

CVE-2026-35199

SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, the SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...

CVSS 6.1 | AI score 6.1 | EPSS 0.00055
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/04/06 7:44 p.m. | 4 views

EUVD-2026-19472

SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, the SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...

CVSS 6.1 | AI score 6.1 | EPSS 0.00055
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/04/06 6:33 p.m. | 1 view

Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module

An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...

CVSS 5.4 | AI score 6 | EPSS 0.00037
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/04/06 6:33 p.m. | 1 view

GHSA-HJ9C-P59C-VQPH Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module

An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...

CVSS 5.4 | AI score 6 | EPSS 0.00037
Exploits: 1 | References: 4

EUVD
added 2026/04/06 6:33 p.m. | 2 views

EUVD-2026-19344

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

AI score 6 | EPSS 0.00029
Exploits: 1 | References: 3

OSV
added 2026/04/06 6:33 p.m. | 1 view

GHSA-XQM9-6QMM-XRQH Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...

CVSS 5.4 | AI score 5.9 | EPSS 0.00029
Exploits: 1 | References: 3