CVE-2025-15497

CVE-2025-15497 affects OpenVPN 2.7_alpha1 through 2.7_rc5. The issue is insufficient epoch key slot processing that allows remote authenticated users to trigger an assert, resulting in a denial of service. Affected component appears to be internal key-slot handling within the OpenVPN 2.7 developm...

OpenVPN security vulnerabilities

OpenVPN is a software package developed by OpenVPN Inc. in the United States, used to create encrypted VPN tunnels. It utilizes the OpenSSL library to encrypt data and control information, and allows the created VPNs to use public keys, electronic certificates, or username/password for...

SUSE SLES16 Security Update : avahi (SUSE-SU-2026:20145-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20145-1 advisory. - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off bsc1256498 - CVE-2025-68471: Fixed DoS bu...

CVE-2026-24826

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects...

CVE-2026-24826

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects...

EUVD-2026-4845

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects...

CVE-2026-24826 Out-of-bounds write in turso3d

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects...

CVE-2026-24826

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects...

CVE-2026-24826 Out-of-bounds write in turso3d

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects...

PT-2026-4901

Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects...

GHSA-63V5-26VQ-M4VM Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVE-2026-1190

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVE-2026-1190 Org.keycloak/keycloak-services: keycloak saml brokering: response delay due to unchecked notonorafter in subjectconfirmationdata

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVE-2026-1190 Org.keycloak/keycloak-services: keycloak saml brokering: response delay due to unchecked notonorafter in subjectconfirmationdata

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

OPENSUSE-SU-2026:20110-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off bsc1256498 - CVE-2025-68471: Fixed DoS bug by changing assert to return bsc1256500 - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion bsc1256499...

SUSE-SU-2026:20167-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off bsc1256498 - CVE-2025-68471: Fixed DoS bug by changing assert to return bsc1256500 - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion bsc1256499...

ROS-20260126-73-0014

A vulnerability in the net/sched/schskbprio.c component of the Linux operating system kernel is related to a flaw in the use of the assert function. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004951 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Add downwritetraceeventsem when adding trace event When a module is loaded, it adds trac...

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the checkType function. An attacker can cause the client to panic and terminate unexpectedly by providing invalid TUF metadata which is valid JSON. The vulnerable parsing happens before signature validation, so a...