SUSE-SU-2026:21881-1 Security update for helm

This update for helm fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration...

SUSE-SU-2026:21952-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

CVE-2026-46365

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

SUSE-SU-2026:21915-1 Security update for helm

This update for helm fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration...

Security update for helm

This update for helm fixes the following issues Security issues: CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

SUSE-SU-2026:2049-1 Security update for helm

This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265758. - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled...

Linux Distros Unpatched Vulnerability : CVE-2026-41888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the...

CVE-2026-41888

A flaw was found in Distribution, a software toolkit used for managing container content. This vulnerability allows a remote attacker to bypass security settings designed to prevent the deletion of container tags. By sending a specific request, an attacker can remove tags from repositories even...

SUSE CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

GHSA-5H62-F8FG-4W7Q phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

CVE-2026-46365

This CVE affects phpMyFAQ prior to 4.1.2, where a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint allows any authenticated user (including regular frontend users) to delete arbitrary tags by sending a DELETE with a valid session cookie, causing permanent...

CVE-2026-46365 phpMyFAQ - Missing Authorization in Tag Deletion Endpoint

phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/tagId endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete arbitrary tags by sending a DELETE request with a valid...

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a security vulnerability. This vulnerability stemmed from the lack of authorization for the DELETE /admin/api/content/tags/tagId endpoint. As a result, any...

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

DEBIAN-CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

UBUNTU-CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...