OPENSUSE-SU-2026:10277-1 python311-pypdf-6.7.5-1.1 on GA media

These are all security issues fixed in the python311-pypdf-6.7.5-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10276-1 libsoup-3_0-0-3.6.6-2.1 on GA media

These are all security issues fixed in the libsoup-30-0-3.6.6-2.1 package on the GA media of openSUSE Tumbleweed...

UBUNTU-CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

OPENSUSE-SU-2026:10267-1 ImageMagick-7.1.2.15-1.1 on GA media

These are all security issues fixed in the ImageMagick-7.1.2.15-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10271-1 libjxl-devel-0.11.2-1.1 on GA media

These are all security issues fixed in the libjxl-devel-0.11.2-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10273-1 libudisks2-0-2.11.0-2.1 on GA media

These are all security issues fixed in the libudisks2-0-2.11.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

OPENSUSE-SU-2026:10257-1 MozillaFirefox-148.0-1.1 on GA media

These are all security issues fixed in the MozillaFirefox-148.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10264-1 python311-Flask-3.1.3-1.1 on GA media

These are all security issues fixed in the python311-Flask-3.1.3-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10260-1 digger-cli-0.6.143-1.1 on GA media

These are all security issues fixed in the digger-cli-0.6.143-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10261-1 docker-29.2.1_ce-37.1 on GA media

These are all security issues fixed in the docker-29.2.1ce-37.1 package on the GA media of openSUSE Tumbleweed...

cockpit-machines-348-1.1 on GA media (moderate)

cockpit-machines-348-1.1 on GA media Announcement ID: openSUSE-SU-2026:10250-1 Rating: moderate Cross-References: CVE-2026-25547 CVSS scores: CVE-2026-25547 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-25547 SUSE : 8.7...

PT-2026-22116

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s certificate template deletion API had a broken authorization check. This allowed a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. T...

GHSA-76RV-2R9V-C5M6 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...

CVE-2025-69253

free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

OPENSUSE-SU-2026:10254-1 cockpit-tukit-0.1.7~git0.61e54f1-3.1 on GA media

These are all security issues fixed in the cockpit-tukit-0.1.7git0.61e54f1-3.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10255-1 docker-stable-24.0.9_ce-17.1 on GA media

These are all security issues fixed in the docker-stable-24.0.9ce-17.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10252-1 cockpit-repos-4.7-4.1 on GA media

These are all security issues fixed in the cockpit-repos-4.7-4.1 package on the GA media of openSUSE Tumbleweed...

python311-Django4-4.2.28-1.1 on GA media (moderate)

python311-Django4-4.2.28-1.1 on GA media Announcement ID: openSUSE-SU-2026:10247-1 Rating: moderate Cross-References: CVE-2025-13473 CVE-2025-14550 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1312 CVSS scores: CVE-2025-13473 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...