CVE-2026-35447

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20852-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20852-1 advisory. Changes in roundcubemail: - update to 1.6.16 - Fix potential too long value in IMAP ID command 10136 - Security: Fix stored XSS/HTML/CSS injecti...

Updated vim packages fix security vulnerabilities

Heap Buffer Overflow in spell file loading affects Vim 9.2.0450. CVE-2026-45130 Vimscript Code Injection in netrw NetrwMarkFile via crafted filename affects Vim 9.2.0480. CVE-2026-43961 Command Injection in tar.vim affects Vim 9.2.0479. CVE-2026-46483 Vimscript Code Injection in netrw...

Security update for perl-YAML-Syck (moderate)

openSUSE Security Update: Security update for perl-YAML-Syck Announcement ID: openSUSE-SU-2026:0180-1 Rating: moderate References: 1252111 1259757 Cross-References: CVE-2025-11683 CVE-2026-4177 CVSS scores: CVE-2025-11683 SUSE: 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products:...

OPENSUSE-SU-2026:20828-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

Security update for postgresql14

This update for postgresql14 fixes the following issues Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against malicious time zone names...

OPENSUSE-SU-2026:20812-1 Security update for cups

This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...

CVE-2026-42534 Jostle logic bypass degrades resolution performance

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

Important: Red Hat Security Advisory: python3.14 security update

An update for python3.14 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Security update for go1.26 (important)

openSUSE security update: security update for go1.26 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20762-1 Rating: important References: bsc1170826 bsc1255111 bsc1264499 bsc1264500 bsc1264501 bsc1264502 bsc1264503 bsc1264504 bsc1264505 bsc1264506...

CLEANSTART-2026-KF86214 Security fixes for CVE-2025-61730, CVE-2025-61732, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-39883 applied in versions: 3.4.0-r7, 3.4.0-r8

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-AH29678 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289 applied in versions: 1.2.1-r1, 1.2.1-r3

Multiple security vulnerabilities affect the stakater-reloader-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

OPENSUSE-SU-2026:20762-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

Security update for go1.25

This update for go1.25 fixes the following issues Security issues: CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. CVE-2026-39817: cmd/go: "go tool pack" does not...

GHSA-RJG2-95X7-8QMX Strapi may leak sensitive data via relational filtering due to lack of query sanitization

Summary of CVE-2026-27886 Vulnerability Details - CVE: CVE-2026-27886 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N 9.3 — Critical - Affected Versions: @strapi/strapi =5.37.0 Description of CVE-2026-27886 Strapi versions prior to 5.37.0 did not sufficiently...

Fedora 43 : nix (2026-5dfbb9ed69)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5dfbb9ed69 advisory. - update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p -...

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions

Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N 2.1 — Low - Affected Versions: @strapi/admin and @strapi/plugin-users-permissions =5.33.3 Description of CVE-2026-22706 In Strapi versions prio...

Prometheus exporter process crash via malformed HTTP request

Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...

GROWI vulnerable to path traversal

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-41951 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security Early Warning...

Important: kernel-livepatch-6.12.77-99.140

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...