CVE-2026-40131

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

CVE-2026-0502

The CVE-2026-0502 entry concerns SAP BusinessObjects Business Intelligence Platform with a CSRF protection flaw. An authenticated user can be tricked into sending unintended requests to the web server, leading to low impact on integrity and availability and no confidentiality impact. Public detai...

OPENSUSE-SU-2026:10757-1 perl-Starman-0.4018-1.1 on GA media

These are all security issues fixed in the perl-Starman-0.4018-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-40097

Improper input validation for some IntelR QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

OPENSUSE-SU-2026:10753-1 cosign-3.0.6-1.1 on GA media

These are all security issues fixed in the cosign-3.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10756-1 perl-Net-CIDR-0.270.0-2.1 on GA media

These are all security issues fixed in the perl-Net-CIDR-0.270.0-2.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-39928

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description An OS Command Injection issue allows an authenticated attacker with administrative access to execute specially crafted shell commands on th...

ROS-20260512-73-0009

Vulnerability in beats related to unchecked array indexing. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...

PT-2026-39924

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

PT-2026-39917

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

MozillaThunderbird-140.10.2-1.1 on GA media (moderate)

MozillaThunderbird-140.10.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10738-1 Rating: moderate Cross-References: CVE-2026-8090 CVE-2026-8092 CVE-2026-8094 CVSS scores: CVE-2026-8090 SUSE : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-8092 SUSE : 7.5...

PT-2026-39921

Name of the Vulnerable Software and Affected Versions SAP S/4HANA SAP Enterprise Search for ABAP affected versions not specified Description An authenticated attacker can inject malicious SQL statements through user-controlled input. The application directly concatenates this input into SQL queri...

OPENSUSE-SU-2026:10754-1 kubectl-cnpg-1.29.1-1.1 on GA media

These are all security issues fixed in the kubectl-cnpg-1.29.1-1.1 package on the GA media of openSUSE Tumbleweed...

Siemens Opcenter RDnL

SUMMARY Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adjacent network could use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue...

OPENSUSE-SU-2026:10762-1 rclone-1.74.1-1.1 on GA media

These are all security issues fixed in the rclone-1.74.1-1.1 package on the GA media of openSUSE Tumbleweed...

DoS (Denial of Service) at commons-fileupload dependency in Crucible Server

This High severity DoS Denial of Service vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a resource to...

BIT-LIBPYTHON-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

SUSE CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...