20783 matches found

OPENSUSE Linux
added 2026/06/09 12:0 a.m. | 7 views

ack-3.10.0-1.1 on GA media (moderate)

ack-3.10.0-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10965-1; Rating: moderate; Cross-References: CVE-2026-49145, CVE-2026-49146, CVE-2026-49147; Affected Products: openSUSE Tumbleweed. An update that solves 3 vulnerabilities can now be installed. Description: These are all security issues fixe...

AI score: 5.5
Exploits: 0
Tenable Nessus
added 2026/06/09 12:0 a.m. | 10 views

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316) Tenable has extracted the preceding description block directly from the...

CVSS: 8.1 | AI score: 6 | EPSS: 0.00508
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/09 12:0 a.m. | 7 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

AI score: 5.5 | EPSS: 0.00364
Exploits: 0 | References: 1
Github Security Blog
added 2026/06/08 11:8 p.m. | 13 views

nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

AI score: 5.5 | EPSS: 0.00052
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/06/08 7:2 p.m. | 14 views

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Summary: The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE, the implementation defaults to an unbounded limit. This insecure default configuration...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00279
Exploits: 0 | References: 4 | Affected Software: 1
RedHat Linux
added 2026/06/08 5:43 p.m. | 13 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.3 security update

The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...

CVSS: 10 | AI score: 6.4 | EPSS: 0.00522
Exploits: 7 | References: 9
NVD
added 2026/06/08 5:16 p.m. | 8 views

CVE-2026-46286

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution. When selecting the high resolution values from the array, FIELD_GET() is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

EPSS: 0.00168
Exploits: 0 | References: 5
OSV
added 2026/06/08 5:16 p.m. | 7 views

UBUNTU-CVE-2026-46286

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution. When selecting the high resolution values from the array, FIELD_GET() is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

AI score: 5.2 | EPSS: 0.00168
Exploits: 0 | References: 8
CVE
added 2026/06/08 3:41 p.m. | 22 views

CVE-2026-46286

CVE-2026-46286 affects the Linux kernel’s leds: qcom-lpg driver. Root cause: selecting high-resolution values uses FIELD_GET() from a 3-bit register while indexing into an array that has only 5 values, risking out-of-bounds access. The description states this was resolved by adding a proper bound...

AI score: 5.4 | EPSS: 0.00168
Exploits: 0 | References: 5
Cvelist
added 2026/06/08 3:41 p.m. | 39 views

CVE-2026-46286 leds: qcom-lpg: Check for array overflow when selecting the high resolution

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution. When selecting the high resolution values from the array, FIELD_GET() is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

EPSS: 0.00168
Exploits: 0 | References: 5
Cvelist
added 2026/06/08 3:30 p.m. | 42 views

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

CVSS: 7.6 | EPSS: 0.00274
Exploits: 1 | References: 2
Patchstack
added 2026/06/08 3:7 p.m. | 6 views

WordPress kk blog card plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin kk blog card versions <= 1.3...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.00181
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2026/06/08 2:58 p.m. | 11 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.00437
Exploits: 0 | References: 4
Circl
added 2026/06/08 1:27 p.m. | 9 views

CERTFR-2026-ACT-025

creationtimestamp | type | source
---|---|---
2026-06-08 13:27:10+00:00 | seen | https://bsky.app/profile/cert-fr.bsky.social/post/3mnrrvuu4na2y
2026-06-08 13:27:12+00:00 | seen | https://social.numerique.gouv.fr/users/certfr/statuses/116714715813037267
2026-06-08 14:11:50+00:00 | seen | ...

AI score: 5.3
Exploits: 0 | References: 3
Patchstack
added 2026/06/08 1:0 p.m. | 8 views

WordPress Accordions plugin <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated (Custom+) Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Accordion versions <= 2.3.23...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.00155
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/06/08 12:6 p.m. | 9 views

EUVD-2026-35053

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

CVSS: 8.5 | AI score: 5.2 | EPSS: 0.0014
Exploits: 0 | References: 1
Circl
added 2026/06/08 10:30 a.m. | 8 views

CVE-2026-11503

creationtimestamp | type | source
---|---|---
2026-06-08 10:30:41+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mnri2bwqn322
2026-06-08 10:30:51+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116714021744747488
2026-06-08 11:25:46+00:00 | seen | ...

CVSS: 9 | AI score: 7.7 | EPSS: 0.00466
Exploits: 0 | References: 3
SUSE Linux
added 2026/06/08 10:17 a.m. | 8 views

Security update for python311

This update for python311 fixes the following issues: CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run...

CVSS: 6 | AI score: 5.4 | EPSS: 0.00188
Exploits: 0 | References: 6
OSV
added 2026/06/08 5:10 a.m. | 8 views

MINI-GXP3-V3H4-HC3G

Bulletin has no description...

AI score: 5.2 | EPSS: 0.00019
Exploits: 1
Circl
added 2026/06/08 4:30 a.m. | 10 views

CVE-2026-11482

creationtimestamp | type | source
---|---|---
2026-06-08 04:30:28+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mnqtw6eeav22
2026-06-08 04:30:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116712605338377972
2026-06-08 07:17:44+00:00 | seen | ...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0029
Exploits: 0 | References: 4