Unity Linux 20.1070e Security Update: maven (UTSA-2026-017745)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017745 advisory. Apache Maven will follow repositories that are defined in a dependencys Project Object Model pom which may be surprising to some users, resulting in potential risk i...

PT-2026-39723

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities originate from the ogsnnrfnfmhandlenfprofile function in the...

Sonatype Nexus Repository 跨站脚本漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software, etc. Versions of Sonatype Nexus Repository from 3.6.0 to 3.92.0 contained a cross-site scripting vulnerability. This...

CVE-2026-42576

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

CVE-2026-42576 apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

CVE-2026-42576

CVE-2026-42576 affects chainguard/apko. Before v1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *rsa.PublicKey without key-type checks. If a repository JWKS endpoint returns a non-RSA key (e.g., EC), an unchecked type assertion panics, crashing apko ...

CVE-2026-42576

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

EUVD-2026-28934

apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g...

Server-Side Request Forgery

Weblate is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to missing validation of repository URLs during project backup import, where Component.objects.bulkcreate bypasses Django fullclean validation and allows attacker-controlled repository URLs to be written into...

SUSE CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository's .git directory...

PT-2026-39419

Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.6 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description React Server Component responses are susceptible to cache poisoning in deployments utilizing shared caches with insufficient response partitioning...

GHSA-JQFC-GWJ5-3W63 free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does not exist in UESubsCollection. The processor checks value, ok :=...

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

GHSA-4RQF-GRM6-VF75 free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference

Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The...

SUSE-SU-2026:1784-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2026-40176: arbitrary command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: arbitrary command injection via malicious Perforce source reference/url bsc1262255...

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

Remote Code Execution

Sonatype Nexus Repository is vulnerable to Remote Code Execution. The vulnerability is due to a flaw in the task management component, where an authenticated attacker with task creation permissions can bypass the nexus.scripts.allowCreation security control and execute arbitrary code...

SUSE CVE-2026-41654

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...