57304 matches found

Ubuntu
added 2026/02/17 12:49 p.m., 8 views

USN-8029-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; -...

CVSS 7.8, AI score 8.6, EPSS 0.00544
Exploits: 3
vulnersOsv
added 2026/02/17 12:31 p.m., 7 views

org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)

org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: OSV:GHSA-C5W7-M8WF-XC77...

CVSS 8.7, AI score 7.4, EPSS 0.0075
Exploits: 0
OSV
added 2026/02/17 9:38 a.m., 3 views

SUSE-SU-2026:20485-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API bsc1254867. - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866...

CVSS 8.9, AI score 6.7, EPSS 0.00622
Exploits: 0, References: 5
Positive Technologies
added 2026/02/17 12:0 a.m., 12 views

PT-2026-20309

Name of the Vulnerable Software and Affected Versions HPE Aruba Networking 5G Core affected versions not specified Description Issues in the API error handling of an HPE Aruba Networking 5G Core server API may allow a remote, unauthenticated attacker to obtain sensitive information. Exploitation...

CVSS 6.5, AI score 5.4, EPSS 0.00326
Exploits: 0, References: 4
Positive Technologies
added 2026/02/17 12:0 a.m., 7 views

PT-2026-20283

Name of the Vulnerable Software and Affected Versions Honeywell CCTV products versions prior to firmware updates addressing CVE-2026-1670 Honeywell I-HIB2PI-UL 2MP IP 6.1.22.1216 Honeywell SMB NDAA MVO-3, PTZ WDR 2MP 32M, 25M IPC WDR 2MP 32M PTZ v2.0 Description The affected products are vulnerab...

CVSS 9.8, AI score 5.7, EPSS 0.00833
Exploits: 0, References: 31
Positive Technologies
added 2026/02/17 12:0 a.m., 8 views

PT-2026-20911

Name of the Vulnerable Software and Affected Versions Skill-scanner versions 1.0.1 and earlier Description Skill Scanner is a security scanner for AI Agent Skills designed to detect prompt injection, data exfiltration, and malicious code patterns. A flaw in the API Server component could permit a...

CVSS 9.1, AI score 6, EPSS 0.00328
Exploits: 0, References: 11
Tenable Nessus
added 2026/02/17 12:0 a.m., 5 views

SHARP MFPs Configuration API Vulnerability (CVE-2024-47005)

Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. This plugin only works with Tenable.ot. Please visit...

CVSS 8.1, AI score 5.5, EPSS 0.00457
Exploits: 0, References: 4
Positive Technologies
added 2026/02/17 12:0 a.m., 8 views

PT-2026-20346

Name of the Vulnerable Software and Affected Versions jishi node-sonos-http-api versions prior to 3776f0ee2261c924c7b7204de121a38100a08ca7 Description A flaw exists in jishi node-sonos-http-api that could allow for remote execution of operating system commands. The issue is related to the...

CVSS 7.5, AI score 5.6, EPSS 0.01693
Exploits: 0, References: 8
CNNVD
added 2026/02/17 12:0 a.m., 5 views

HPE Aruba Networking 5G Core server API security vulnerability

The HPE Aruba Networking 5G Core Server API is a programming and management interface provided by the American company HPE. There are security vulnerabilities associated with the HPE Aruba Networking 5G Core Server API. These vulnerabilities stem from improper handling of API errors, which may...

CVSS 6.5, AI score 5.8, EPSS 0.00247
Exploits: 0, References: 1
CNNVD
added 2026/02/17 12:0 a.m., 8 views

HPE Aruba Networking Private 5G Core security vulnerability

HPE Aruba Networking Private 5G Core is a 5G core component developed by the American company HPE. There is a security vulnerability present in HPE Aruba Networking Private 5G Core, which stems from a flaw in the management API. This vulnerability could allow unverified remote attackers to trigge...

CVSS 6.5, AI score 5.8, EPSS 0.00242
Exploits: 0, References: 1
Tenable Nessus
added 2026/02/17 12:0 a.m., 4 views

RHEL 8 / 9 : Satellite 6.16.6.1 Async Update (Important) (RHSA-2026:2765)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2765 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

CVSS 8.9, AI score 5.8, EPSS 0.0068
Exploits: 0, References: 9
RedHat Linux
added 2026/02/16 7:6 p.m., 10 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

CVSS 8.9, AI score 5.8, EPSS 0.0068
Exploits: 0, References: 6
RedHat Linux
added 2026/02/16 7:6 p.m., 1 view

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVSS 8.9, AI score 5.9, EPSS 0.00622
Exploits: 0, References: 6
Patchstack
added 2026/02/16 6:41 p.m., 6 views

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys' vulnerability

Missing Authorization in 'paytium_sw_save_api_keys' vulnerability discovered by WordFence in WordPress Plugin Paytium versions <= 4.3.7...

CVSS 5.4, AI score 5.5, EPSS 0.00275
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/02/16 4:27 p.m., 25 views

CVE-2026-26930

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests...

CVSS 7.2, EPSS 0.00295
Exploits: 1, References: 2
ATTACKERKB
added 2026/02/16 4:27 p.m., 3 views

CVE-2026-26930

SmarterTools SmarterMail before 9526 allows XSS via MAPI requests...

CVSS 7.2, AI score 5.3, EPSS 0.00295
Exploits: 1, References: 3
Github Security Blog
added 2026/02/16 3:32 p.m., 4 views

Mattermost fails to enforce invite permissions when updating team settings

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

CVSS 3.8, AI score 5.5, EPSS 0.00157
Exploits: 0, References: 4, Affected Software: 2
Vulnrichment
added 2026/02/16 3:2 p.m., 11 views

CVE-2026-2562 JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privileges management

A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. Th...

CVSS 6.5, AI score 6.1, EPSS 0.00317
Exploits: 0, References: 4
OSV
added 2026/02/16 1:16 p.m., 7 views

CVE-2025-14573

Mattermost versions 10.11.x = 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561...

CVSS 2.7, AI score 5.5
Exploits: 0, References: 1
OSV
added 2026/02/16 12:30 p.m., 6 views

GHSA-2PHX-FRHF-XR55 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...

CVSS 4.3, AI score 5.7, EPSS 0.00152
Exploits: 0, References: 4