44 matches found
CVE-2026-40571
NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module [CVE-2026-27139]
Summary IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module, due to ability of a FileInfo action to reference a file outside of the Root in which the File was opened. CVE-2026-27139. Golang os module is used in our speech utilities. This vulnerabilitiy has bee...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template [CVE-2026-27142]
Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template, due to a flaw which disables escaping of URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0 CVE-2026-27142. Golang Go html/template i...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse [CVE-2026-25679]
Summary IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse, which may cause acceptance of some invalid URLs CVE-2026-25679. url.Parse is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK [CVE-2026-33236]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK Natural Language Toolkit, caused by a NLTK downloader that does not validate the subdir and id attributes when processing remote XML index files CVE-2026-33236. NLTK is used in our speech runtimes. This...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX [GHSA-q56x-g2fj-4rj6]
Summary IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX, due to multiple issues in the saveexternaldata method which introduce an arbitrary file read/write on any system GHSA-q56x-g2fj-4rj6. ONNX is used in our speech runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...
RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 (RHSA-2026:19573)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19573 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...
SUSE-SU-2026:21777-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...
SUSE SLES15 Security Update : kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1710-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1710-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: -...
SUSE-SU-2026:21519-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: - CVE-2026-23004: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist bsc1258655. - CVE-2026-23204: net/sched: clsu32: use skbheaderpointercareful...
SUSE-SU-2026:21293-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
SUSE-SU-2026:21305-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
EUVD-2026-24567
Craft CMS is a content management system CMS. In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...
SUSE-SU-2026:1278-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...
SUSE-SU-2026:21004-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16)
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc bsc1258051. - CVE-2026-23111: netfilter: nftables: fix inverted genmask check i...
CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...
SUSE SLES15 Security Update : kernel RT (Live Patch 5 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1185-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1185-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.19 fixes various security issues The following security issues were fixed: -...
CVE-2026-33157
Craft CMS 5.x (5.6.0–5.9.12) is vulnerable to authenticated Remote Code Execution via malicious attached behavior, due to un sanitized fieldLayouts in ElementIndexesController::actionFilterHud() feeding FieldLayout::createFromConfig(). The bug chain bypasses a prior fix that cleansed inputs with ...
SUSE-SU-2026:20847-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer bsc1257118. - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to...