KB5087539: Windows Server 2025 Security Update (May 2026)
The remote Windows host is missing security update 5087539 or hotpatch 5087423. It is, therefore, affected by multiple vulnerabilities: Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network (CVE-2026-41096); Stack-based buffer overflow...
CVE-2026-7271
A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-agent-server. Performing a manipulation of the argument req.params results in path traversal. Remote...
PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling
Impact: The server does not meaningfully limit the size of the JSON payload in ModalFormResponsePacket. This can be abused by an attacker to waste memory and CPU on an affected server, e.g. by sending arrays with millions of elements. The player must have a full session on the server, i.e. spawned ...
BIT-PARSE-2026-34595 Parse Server: LiveQuery protected-field guard bypass via array-like logical operator value
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.70 and 9.7.0, an authenticated user with find class-level permission can bypass the protectedFields class-level permission setting on LiveQuery subscriptions. By sending a...
CVE-2026-34373
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.66 and 9.7.0-alpha.10, the GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This...
GraphQL API endpoint ignores CORS origin restriction
Impact: The GraphQL API endpoint does not respect the allowOrigin server option and unconditionally allows cross-origin requests from any website. This bypasses origin restrictions that operators configure to control which websites can interact with the Parse Server API. The REST API correctly...
PT-2026-29167
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.66; Parse Server versions prior to 9.7.0-alpha.10. Description: Parse Server, an open source backend deployable on Node.js infrastructures, has an issue where the GraphQL API endpoint does not enforce the...
GHSA-G4CF-XJ29-WQQR Parse Server: Denial of Service via unindexed database query for unconfigured auth providers
Impact: An unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured...
Security update for 389-ds
This update for 389-ds fixes the following issues: CVE-2025-14905: Fixed heap buffer overflow due to improper size calculation in schemaattrenumcallback callback (bsc#1258727). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...
GHSA-7XG7-RQF6-PW6C Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes
Impact: The `_GraphQLConfig` and `_Audience` internal classes can be read, modified, and deleted via the generic /classes/_GraphQLConfig and /classes/_Audience REST API routes without master key authentication. This bypasses the master key enforcement that exists on the dedicated /graphql-config and...
PT-2026-23754
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.7; Parse Server versions prior to 9.5.0-alpha.6. Description: Parse Server is an open-source backend deployable on Node.js infrastructures. A malformed $regex query parameter, such as abc, can cause the database...
Recommended update for kernel-firmware
This update for kernel-firmware fixes the following issues: Update AMD ucode to 20251203 (bsc#1256483). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
EUVD-2025-199888
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
Security update for open-vm-tools
This update for open-vm-tools fixes the following issues: CVE-2025-41244: Fixed a local privilege escalation vulnerability (bnc#1250373). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run...
EUVD-2024-41285
Malicious code in bioql PyPI...
EUVD-2024-41433
Malicious code in bioql PyPI...
EUVD-2022-1607
Malicious code in bioql PyPI...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2025-53014: Fixed an off-by-one error that may cause an out-of-bounds memory access (bsc#1246530). CVE-2025-53019: Fixed format specifiers in a filename template that may cause a memory leak (bsc#1246534). Patch Instructions: To install this SUSE update u...
Security update for sqlite3
This update for sqlite3 fixes the following issues: Update to version 3.50.2. CVE-2025-6965: Fixed an integer truncation to avoid assertion faults (bsc#1246597). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
Linux Distros Unpatched Vulnerability : CVE-2023-21920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily...