SUSE-SU-2026:2243-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter: - Backward Compatibility and packaging changes: - Added compatibility...

Amazon Kiro IDE 安全漏洞

Amazon Kiro IDE is an integrated development environment developed based on AI specifications by Amazon, Inc. Versions of Amazon Kiro IDE prior to 0.11 contained a security vulnerability. This vulnerability stemmed from insufficient access control restrictions in the file writing tool, allowing...

Open5GS 缓冲区错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a buffer error vulnerability. This vulnerability stems from the handlescpinfo function in the Shared NF-profile Parser...

CVE-2026-9291

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

CVE-2026-9291

Summary: CVE-2026-9291 describes an insecure deserialization flaw in the Amazon Braket SDK’s job results processing. Affected software: Amazon Braket SDK (job results processing component) before version 1.117.0. Impact (as stated): A remote authenticated user with S3 write access to the job outp...

EUVD-2026-31483

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

Netatalk 路径遍历漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contained a path traversal vulnerability. This vulnerability stemmed from incomplete cleanup of...

Astra Linux - уязвимость в chromium, firefox, thunderbird, libwebp

A heap buffer overflow in libwebp in Google Chrome prior to version 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: Critical...

Astra Linux - уязвимость в chromium

Before version 124.0.6367.207, writing out-of-bounds data in V8 using Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

CVE-2026-8567

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8552

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-8552

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2021-26528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mghttpservefile function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

Linux Distros Unpatched Vulnerability : CVE-2021-26530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after...

Linux Distros Unpatched Vulnerability : CVE-2021-26529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection...

Prometheus Azure AD remote write OAuth client secret exposed via config API

...

GHSA-FW8G-CG8F-9J28 Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display

Impact In the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels. An attacker who can inject crafted metrics e.g. via a...

GHSA-WG65-39GG-5WFJ Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

PT-2026-38157

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in FileSystem allows a remote attacker who has compromised the renderer process to perform arbitrary read and write operations via a crafted...