PT-2026-27226

OpenClaw before 2026.2.25 lacks durable replay state for Nextcloud Talk webhook events, allowing valid signed requests to be replayed. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound processing and cause integrity or availability issues...

OPENSUSE-SU-2026:10410-1 pnpm-10.32.1-1.1 on GA media

These are all security issues fixed in the pnpm-10.32.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10412-1 python311-pydicom-3.0.2-1.1 on GA media

These are all security issues fixed in the python311-pydicom-3.0.2-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10408-1 freerdp-3.24.1-1.1 on GA media

These are all security issues fixed in the freerdp-3.24.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10409-1 pgvector-devel-0.8.2-1.1 on GA media

These are all security issues fixed in the pgvector-devel-0.8.2-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10411-1 python311-dynaconf-3.2.13-1.1 on GA media

These are all security issues fixed in the python311-dynaconf-3.2.13-1.1 package on the GA media of openSUSE Tumbleweed...

Advisory ROSA-SA-2026-3217

software: runc 1.3.4 OS: ROSA-CHROME unaffected versions = runc-1.3.4-1 affected versions runc-1.3.4-1 CVE-ID: CVE-2024-45310 BDU-ID: 2024-06891 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Runc isolated container tool is associated with a race condition that allows link tracking. Exploitation...

EUVD-2026-14264

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called...

OPENSUSE-SU-2026:10402-1 python311-PyPDF2-2.11.1-8.1 on GA media

These are all security issues fixed in the python311-PyPDF2-2.11.1-8.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10404-1 python310-3.10.20-2.1 on GA media

These are all security issues fixed in the python310-3.10.20-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10405-1 python314-3.14.3-3.1 on GA media

These are all security issues fixed in the python314-3.14.3-3.1 package on the GA media of openSUSE Tumbleweed...

OESA-2026-1681 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: A vulnerability classified as problematic has been found in Apache ActiveMQ Application Server Software.CWE is classifying the issue as CWE-190. The product performs a calculation that can produce...

OESA-2026-1680 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: A vulnerability classified as problematic has been found in Apache ActiveMQ Application Server Software.CWE is classifying the issue as CWE-190. The product performs a calculation that can produce...

OESA-2026-1679 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: A vulnerability classified as problematic has been found in Apache ActiveMQ Application Server Software.CWE is classifying the issue as CWE-190. The product performs a calculation that can produce...

Denial Of Service (DoS)

github.com/free5gc/nssf is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of crafted POST requests to the NnssfNSSAIAvailability API, which allows an attacker to disrupt service availability...

BIT-CEPH-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated...

CVE-2026-30889

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain...

ROS-20260320-73-0013

A vulnerability in the Golang programming language is related to errors in the certificate authentication procedure. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...

ROS-20260320-73-0008

A vulnerability in the SSH server of the library for the Go crypto programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...

tempo-cli-2.10.3-1.1 on GA media (moderate)

tempo-cli-2.10.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10390-1 Rating: moderate Cross-References: CVE-2026-28377 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...