36876 matches found
OPENSUSE-SU-2026:10584-1 rclone-1.73.5-1.1 on GA media
These are all security issues fixed in the rclone-1.73.5-1.1 package on the GA media of openSUSE Tumbleweed...
Luban-2040
Luban 2040 v1 Advanced CVE & Exploit Finder Author: m...
OPENSUSE-SU-2026:10579-1 python310-3.10.20-5.1 on GA media
These are all security issues fixed in the python310-3.10.20-5.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10570-1 aardvark-dns-1.17.1-1.1 on GA media
These are all security issues fixed in the aardvark-dns-1.17.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10571-1 bouncycastle-1.84-1.1 on GA media
These are all security issues fixed in the bouncycastle-1.84-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10574-1 jetty-annotations-9.4.58-4.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.58-4.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10573-1 cpp-httplib-devel-0.42.0-1.1 on GA media
These are all security issues fixed in the cpp-httplib-devel-0.42.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10576-1 python311-jwcrypto-1.5.7-2.1 on GA media
These are all security issues fixed in the python311-jwcrypto-1.5.7-2.1 package on the GA media of openSUSE Tumbleweed...
GHSA-VW3H-Q6XQ-JJM5 OpenClaw: Voice-call realtime WebSocket accepted oversized frames
Summary Voice-call realtime WebSocket accepted oversized frames. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 = 2026.4.10 Impact The voice-call realtime WebSocket path could accept oversized frames, creating a remote availability risk for...
OpenClaw: Voice-call realtime WebSocket accepted oversized frames
Summary Voice-call realtime WebSocket accepted oversized frames. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 = 2026.4.10 Impact The voice-call realtime WebSocket path could accept oversized frames, creating a remote availability risk for...
EUVD-2025-209469
An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...
JLSEC-2026-129
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...
OPENSUSE-SU-2026:10568-1 opam-2.5.1-1.1 on GA media
These are all security issues fixed in the opam-2.5.1-1.1 package on the GA media of openSUSE Tumbleweed...
libraw-devel-0.22.1-1.1 on GA media (moderate)
libraw-devel-0.22.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10565-1 Rating: moderate Cross-References: CVE-2026-20884 CVE-2026-20889 CVE-2026-20911 CVE-2026-21413 CVE-2026-24450 CVE-2026-24660 CVE-2026-5342 CVSS scores: CVE-2026-20884 SUSE : 8.1...
GHSA-CPF9-PH2J-CCR9 zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...
zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
Summary endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger...
CVE-2026-40959
A flaw was found in Luanti, specifically when using LuaJIT. A local attacker can exploit this vulnerability by providing a crafted mod. This can lead to a Lua sandbox escape, allowing the attacker to bypass security restrictions and potentially gain confidentiality, integrity, and availability...
EUVD-2023-44280
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...
CVE-2023-3634
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...
CVE-2023-3634 Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...