CVE-2026-6245 Sssd: out-of-bounds read in the sssd

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

EUVD-2026-22840

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

MGASA-2026-0097 Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.130 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

org.bouncycastle:bcmail-jdk14 (>=1.74 <=1.83), org.bouncycastle:bcpg-jdk14 (>=1.74 <=1.83) +11 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-jdk14 (>=1.74 <=1.83)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.74, =1.74, =1.74, =1.74, =1.74, =1.74, =0.2.5, =1.0.1-rc.1, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.3.2 Source cves: CVE-2026-0636 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075252...

CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

CVE-2026-5088

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

perl:5.32 security update

An update is available for module.perl-CPAN-DistnameInfo, module.perl-Text-Diff, module.perl-Carp, perl-Data-Section, perl-Pod-Simple, perl-File-Fetch, perl-parent, perl-CPAN-Meta, module.perl-Exporter, module.perl-File-Fetch, perl-Pod-Usage, module.perl-Pod-Checker,...

EUVD-2026-22170

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVE-2026-34261

CVE-2026-34261 affects SAP Business Analytics and SAP Content Management. Root cause: missing authorization check enables an authenticated user to call certain remote function modules beyond their permissions. Impact: confidentiality is affected; no noted impact to integrity or availability. Expl...

CVE-2026-34261 Missing Authorization check in SAP Business Analytics and SAP Content Management

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

SAP Business Analytics和SAP Content Management 安全漏洞

SAP Business Analytics and SAP Content Management are both products of the German company SAP. SAP Business Analytics is a suite of enterprise data analysis and business intelligence solutions. SAP Content Management is an enterprise content storage and document management system. Both SAP Busine...

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool developed by SAP, a German company, for system data migration and integration. SAP Landscape Transformation has a code injection vulnerability; this vulnerability stems from vulnerabilities in the RFC-exposed function modules, which may allow for the injecti...

PT-2026-32970

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

Security Bulletin: Vulerability in IBM Spectrum Symphony with OpenSSL

Summary Vulerability in IBM Spectrum Symphony with OpenSSL Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDS...

Oracle Linux 9 : perl-XML-Parser (ELSA-2026-7679)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7679 advisory. 2.46-9.1.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.46-9.1 - Fix CVE-2006-10002, CVE-2006-10003 Tenable has extracted the preceding descripti...

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: perl: perl-5.42.2-524.1.hum1 aarch64, x8664 perl-Attribute-Handlers-1.03-524.1.hum1 noarch perl-AutoLoader-5.74-524.1.hum1 noarch perl-AutoSplit-5.74-524.1.hum1 noarch perl-B-1.89-524.1.hum1...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.4)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-39304 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15992453...

CVE-2026-39346

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...