CVE-2026-9881 vulnerabilities

Vulnerabilities for packages: chromium...

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed...

CVE-2026-39821 vulnerabilities

Vulnerabilities for packages: istio-fips, dragonfly-operator-fips, seaweedfs-operator-fips, longhorn-instance-manager-fips, kyverno-policy-reporter-plugins-trivy, kube-oidc-proxy, kserve-localmodelnode-agent, cloud-sql-proxy, gatus-fips, velero-fips, kubernetes-csi-external-health-monitor,...

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. I...

CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...

CVE-2026-36175

Technical details enabling exploitation are not publicly available in the provided documents. The GNCC GP5 U-Boot vulnerability description is repeated across sources; monitor for updated advisories or technical specifics.

PT-2026-45866

Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e Description An injection issue exists in the Open function within the src/blender mcp/server.py file. This occurs when the input image url argument is manipulated,...

Important: Red Hat Security Advisory: Multicluster Global Hub 1.4.5 security update

Multicluster Global Hub v1.4.5 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

PT-2026-45279

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock manager.php. This manipulation of the argument txt search category causes sql injection. The attack may be initiated remotely. The exploit has...

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

CVE-2026-10063

TRENDnet TEW-432BRP firmware 3.10B20 contains a stack-based buffer overflow in the formWPS function (/goform/formWPS) caused by manipulation of the peerPin parameter. The vulnerability can be exploited remotely, and public exploit code is available. The vendor notes the product is EOL (since 2009...

Linux Distros Unpatched Vulnerability : CVE-2026-9967

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

CVE-2026-34311

CVE-2026-34311 concerns Oracle Hospitality OPERA 5 Property Services (Opera component). Affected versions are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28. The vulnerability is exploitable over HTTP with network access and unauthenticated, leading to takeover of Oracle Hospitality OPERA 5 P...

CVE-2026-44459 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, langfuse...

PT-2026-44583

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Dawn allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that occurs whe...

CLEANSTART-2026-DA99134 Security fixes for CVE-2026-24051, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32285, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39882, CVE-2026-39883, CVE-2026-42499 applied in versions: 3.11.0-r0, 3.11.3-r0, 3.5.1-r0, 3.5.1-r1

Multiple security vulnerabilities affect the prometheus package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-TL66481 Security fixes for CVE-2024-24786, CVE-2024-35255, CVE-2025-22868, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.69.1-r0, 0.69.1-r1, 0.87.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-ML12367 Security fixes for ghsa-2328-f5f3-gj25, ghsa-2w6w-674q-4c4q, ghsa-3644-q5cj-c5c7, ghsa-378v-28hj-76wf, ghsa-3v7f-55p6-f55p, ghsa-48c2-rrv3-qjmp, ghsa-4rc3-7j7w-m548, ghsa-56p5-8mhr-2fph, ghsa-5m6q-g25r-mvwx, ghsa-5vv4-hvf7-2h46, ghsa-66ff-xgx4-vchm, ghsa-685m-2w69-288q, ghsa-6chq-wfr3-2hj9, ghsa-6v7q-wjvx-w8wg, ghsa-75px-5xx7-5xc7, ghsa-8gc5-j5rx-235r, ghsa-9c88-49p5-5ggf, ghsa-c2c7-rcm5-vvqj, ghsa-chqc-8p9q-pq6q, ghsa-f269-vfmq-vjvj, ghsa-f886-m6hf-6m8v, ghsa-hvx9-hwr7-wjj9, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-jp2q-39xq-3w4g, ghsa-jvwf-75h9-cwgg, ghsa-pf86-5x62-jrwf, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q67f-28xg-22rw, ghsa-q7rr-3cgh-j5r3, ghsa-r399-636x-v7f6, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-rp42-5vxx-qpwr, ghsa-rpmf-866q-6p89, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v9p9-hfj2-hcw8, ghsa-vrm6-8vpv-qv8q, ghsa-vvjj-xcjg-gr5g, ghsa-w5hq-g745-h8pq, ghsa-wmfp-5q7x-987x, ghsa-wphj-fx3q-84ch, ghsa-xq3m-2v4x-88gg applied in versions: 9.3.2-r3

Multiple security vulnerabilities affect the kibana package. These issues are resolved in later releases. See references for individual vulnerability details...

Astra Linux - уязвимость в firefox, thunderbird

An attacker could have placed a datalist element to obscure the address bar. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

Astra Linux - уязвимость в gimp

GIMP ICO File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...