OPENSUSE-SU-2026:10625-1 xdg-dbus-proxy-0.1.7-1.1 on GA media

These are all security issues fixed in the xdg-dbus-proxy-0.1.7-1.1 package on the GA media of openSUSE Tumbleweed...

libminizip1-1.3.1-2.1 on GA media (moderate)

libminizip1-1.3.1-2.1 on GA media Announcement ID: openSUSE-SU-2026:10617-1 Rating: moderate Cross-References: CVE-2026-27171 CVSS scores: CVE-2026-27171 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-27171 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA...

OPENSUSE-SU-2026:10620-1 libmozjs-115-0-115.15.0-8.1 on GA media

These are all security issues fixed in the libmozjs-115-0-115.15.0-8.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-6940

A flaw was found in radare2. A local attacker can exploit a path traversal vulnerability during project deletion by crafting absolute paths. This allows the attacker to delete arbitrary directories outside the intended project storage, leading to a loss of data integrity and system availability...

Semantic Denial of Service in LLM-Controlled Robots

Safety-oriented instruction-following is supposed to keep LLM-controlled robots safe. We show it also creates an availability attack surface. By injecting short safety-plausible phrases 1-5 tokens into a robots audio channel, an adversary can trigger the models safety reasoning to halt or disrupt...

OPENSUSE-SU-2026:10616-1 python311-Mako-1.3.11-1.1 on GA media

These are all security issues fixed in the python311-Mako-1.3.11-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10615-1 ovmf-202602-9.1 on GA media

These are all security issues fixed in the ovmf-202602-9.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10611-1 freerdp2-2.11.7-8.1 on GA media

These are all security issues fixed in the freerdp2-2.11.7-8.1 package on the GA media of openSUSE Tumbleweed...

MozillaThunderbird-140.9.1-1.1 on GA media (moderate)

MozillaThunderbird-140.9.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10610-1 Rating: moderate Cross-References: CVE-2026-6746 CVE-2026-6747 CVE-2026-6748 CVE-2026-6749 CVE-2026-6750 CVE-2026-6751 CVE-2026-6752 CVE-2026-6753 CVE-2026-6754 CVE-2026-6757 CVE-2026-6759 CVE-2026-6761...

JLSEC-2026-183

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability...

GHSA-P4R4-XVRQ-GVMC Grafana Tempo has an Uncontrolled Resource Consumption issue

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

CVE-2026-21728

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

EUVD-2026-25408

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

CVE-2026-21728

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting maxresultlimit in the search config, e.g. to 262144 2^18...

Duplicate Advisory: OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing...

GHSA-2HV5-4H3G-4HJV Duplicate Advisory: OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing...

Grafana Tempo 资源管理错误漏洞

Grafana Tempo is a distributed tracing data storage and querying system developed by Grafana in open source. Grafana Tempo has a resource management vulnerability, which stems from excessive query restrictions leading to excessive memory allocation, potentially affecting the availability of the...

OPENSUSE-SU-2026:10610-1 MozillaThunderbird-140.9.1-1.1 on GA media

These are all security issues fixed in the MozillaThunderbird-140.9.1-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-34868

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max result limit in the search config, e.g. to 262144 2^18...

SenseLive X3050 安全漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a security vulnerability. This vulnerability stems from insufficient verification and security controls during modifications to critical system...