PT-2026-38210

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Side-channel information leakage in Media allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version 148.0.7778.96 or...

CVE-2026-6321

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...

RUSTSEC-2026-0119 CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

Fedora 44 : rust-rustls-webpki (2026-8f36b2341e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8f36b2341e advisory. Update to version 0.103.13. Addresses RUSTSEC-2026-0098, RUSTSEC-2026-0099, RUSTSEC-2026-0104. ---- Update to version 0.103.10. Addresses RUSTSEC-2026-0049...

PT-2026-36503

Name of the Vulnerable Software and Affected Versions AGL app-framework-binder afb-daemon versions prior to 19.90.1 Description A privilege escalation issue exists in the supervision Do command. The on supervision call function in src/afb-supervision.c nullifies request credentials by calling afb...

PT-2026-36506

Name of the Vulnerable Software and Affected Versions AGL app-framework-main versions 17.1.12 and earlier Description A Zip Slip path traversal issue combined with a Time-of-Check to Time-of-Use TOCTOU race condition exists in the widget installation flow. The is valid filename function in...

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:1580-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1580-1 advisory. - Update to go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143:...

PT-2026-37175

Name of the Vulnerable Software and Affected Versions nova-toggle-5 versions prior to 1.3.0 Description The toggle endpoint "POST /nova-vendor/nova-toggle/toggle/resource/resourceId" was protected only by web and auth: middleware. This allowed any user authenticated on the configured guard to fli...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2026:1572-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1572-1 advisory. Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect...

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go1.25.9 bsc1244485. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile:...

SUSE-SU-2026:1581-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.2 bsc1255111. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile:...

SUSE-SU-2026:1580-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: - Update to go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

SUSE-SU-2026:21379-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

PT-2026-33883

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.64 Description The sandbox in this agentic coding tool failed to prevent sandboxed processes from creating symbolic links symlinks pointing to locations outside the workspace. When the unsandboxed process wrot...

SUSE SLES15 Security Update : buildah (SUSE-SU-2026:1480-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1480-1 advisory. This update for buildah rebuilds it against the current go 1.25 security release. Tenable has extracted the preceding description block...

Security update for go1.26 (important)

openSUSE security update: security update for go1.26 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20571-1 Rating: important References: bsc1255111 bsc1261653 bsc1261654 bsc1261655 bsc1261656 bsc1261657 bsc1261658 bsc1261659 bsc1261660 bsc1261661...

SUSE-SU-2026:1483-1 Security update for helm

This update for helm fixes the following issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: files written to unexpected directory via specially crafted Chartbsc1261938. Changes for helm: - Update to version 3.20.2...

SUSE-SU-2026:1439-1 Security update for openvswitch

This update for openvswitch fixes the following issue: Security updates: - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Other updates: - Update openvswitch to 3.5.4...