SUSE-SU-2026:1633-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU bsc1258919. - CVE-2026-25942: Global-buffer-overflow in xfrailserverexecuteresult bsc1258920. - CVE-2026-25952: Heap-use-after-free in...

CVE-2026-6272

The CVE-2026-6272 issue affects the production kuksa.val.v2 gRPC API, specifically the OpenProviderStream path used with a ProvideSignalRequest. A client that only has a read JWT scope can register as a signal provider, which enables attacker-controlled GetProviderValueResponse forwarding. This l...

EUVD-2026-25409

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007221)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007221 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: fix overflows checks in provide buffers Colin reported before possible overflow and sign...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001219)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001219 advisory. The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memr...

EUVD-2025-199470

Malicious code in @oku-ui/provide npm...

MAL-2025-191269 Malicious code in @oku-ui/provide (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bceb097a6beb77ac5fc263ee454d0ecd1017974f1c061ea01befb653de24d561 The package @oku-ui/provide was found to contain malicious code. Source: google-open-source-security...

@oku-ui/accordion (>=0.5.0 <=0.6.1), @oku-ui/alert-dialog (>=0.0.1 <=0.6.1) +24 more potentially affected by unknown CVE via @oku-ui/provide (>=0.0.1 <=0.6.1)

@oku-ui/provide NPM version =0.0.1, =0.5.0, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.6.0, =0.4.0, =0.2.0, =0.4.0, =0.0.1, =0.1.0, =0.6.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-191269...

EUVD-2020-4045

Malware in sbrugna...

EUVD-2020-4047

Malware in sbrugna...

EUVD-2020-4044

Malware in sbrugna...

EUVD-2020-4049

Malware in sbrugna...

EUVD-2020-4046

Malware in sbrugna...

EUVD-2020-4043

Malware in sbrugna...

EUVD-2020-4048

Malware in sbrugna...

EUVD-2020-4050

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414591 advisory. The iouring subsystem in the Linux kernel allowed the MAXRWCOUNT limit to be bypassed in the PROVIDEBUFFERS operation, which led to negative values being usedin memr...

EUVD-2023-41142

Malicious code in bioql PyPI...

EUVD-2024-45849

Malicious code in bioql PyPI...

EUVD-2023-27386

Malicious code in bioql PyPI...