SUSE CVE-2023-20585

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity...

Security update for NetworkManager

This update for NetworkManager fixes the following issue: CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

CVE-2025-15622

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

ROS-20260417-73-0035

Vulnerability in zabbix7.2 related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007481 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007502)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007502 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect to a larg...

Dell PowerProtect Data Domain 安全漏洞

Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and data deactivation. Vulnerabilities exist in versions 7.7.1.0 to 8.5 of Dell PowerProtect Data Domain, as well as in LTS2025 versions 8.3.1.0 to 8.3.1.2...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

The Dell PowerProtect Data Domain is a data protection storage appliance that is primarily used for enterprise-class backup, archiving, and disaster recovery. An OS command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure to properly neutrali...

PT-2026-33462

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper handling of GPU memory reservation protections allows software installed and run as a non-privileged user to conduct improper GPU system calls. This can...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007281)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007281 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection The sysfsbreakactiveprotection routin...

ROS-20260417-73-0027

Vulnerability in rubygem-rack related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Dell PowerProtect Data Domain 安全漏洞

Dell PowerProtect Data Domain is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Security vulnerabilities exist in versions 7.7.1.0 to 8.5 of Dell PowerProtect Data Domain BoostFS, as well as in versions 8.3.1.0 to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007555)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007555 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in toatmarpd. atmarpd is protected by RTNL since commit...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007476)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007476 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes with dev-modeconfig.mutex The modes array contains pointers to...

langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

Summary langchain-openai's urltosize helper used by getnumtokensfrommessages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This left a TOCTOU / DNS rebinding window: an attacker-controlled hostnam...

Cross-site Request Forgery (CSRF)

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the Client integrations due to the lack of CSRF protection for cash parameters. An attacker can perform unauthorized actions on behalf...

GHSA-JJ8C-MMJ3-MMGV Authlib: Cross-site request forging when using cache

Summary There is no CSRF protection on the cache feature on most integrations clients. Details In authlib.integrations.starletteclient.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...

UBUNTU-CVE-2023-20585

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity...

CVE-2023-20585

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity...

CVE-2024-4867

The CVE-2024-4867 entry describes a cross-site scripting (XSS) vulnerability in the WSO2 API Manager developer portal. User-supplied input is not properly validated or output-encoded, enabling injection of script content executed in the user’s browser. Exploitation can cause the UI to redirect to...