python311-Django4-4.2.28-1.1 on GA media (moderate)
python311-Django4-4.2.28-1.1 on GA media Announcement ID: openSUSE-SU-2026:10247-1 Rating: moderate Cross-References: CVE-2025-13473 CVE-2025-14550 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1312 CVSS scores: CVE-2025-13473 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
OPENSUSE-SU-2026:10248-1 MozillaThunderbird-140.8.0-1.1 on GA media
These are all security issues fixed in the MozillaThunderbird-140.8.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10252-1 cockpit-repos-4.7-4.1 on GA media
These are all security issues fixed in the cockpit-repos-4.7-4.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10256-1 regclient-0.11.2-1.1 on GA media
These are all security issues fixed in the regclient-0.11.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10255-1 docker-stable-24.0.9_ce-17.1 on GA media
These are all security issues fixed in the docker-stable-24.0.9_ce-17.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: IBM Integration Designer is vulnerable to incorrect Calculation of Buffer Size (CVE-2026-1188)
Summary Vulnerability in the IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2026-1188. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to...
CVE-2025-67733
A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...
OPENSUSE-SU-2026:10245-1 libsoup-3_0-0-3.6.6-1.1 on GA media
These are all security issues fixed in the libsoup-3_0-0-3.6.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10243-1 freerdp2-2.11.7-5.1 on GA media
These are all security issues fixed in the freerdp2-2.11.7-5.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10247-1 python311-Django4-4.2.28-1.1 on GA media
These are all security issues fixed in the python311-Django4-4.2.28-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10246-1 libsoup-2_4-1-2.74.3-17.1 on GA media
These are all security issues fixed in the libsoup-2_4-1-2.74.3-17.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10241-1 cacti-1.2.30+git231.bca15e70c-1.1 on GA media
These are all security issues fixed in the cacti-1.2.30+git231.bca15e70c-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10240-1 weblate-5.16-1.1 on GA media
These are all security issues fixed in the weblate-5.16-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10235-1 cosign-3.0.5-1.1 on GA media
These are all security issues fixed in the cosign-3.0.5-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10238-1 python311-PyPDF2-2.11.1-4.1 on GA media
These are all security issues fixed in the python311-PyPDF2-2.11.1-4.1 package on the GA media of openSUSE Tumbleweed...
SQL Injection
Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to SQL Injection via the POST parameters such as actioncode, demand_reason_id, and availability_id. PoC Dolibarr ERP/CRM 10.0.1 contains multiple SQL injectio...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in...
CVE-2019-25450
Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints (parameters such as actioncode, demand_reason_id, availability_id) that allow authenticated attackers to manipulate queries and extract sensitive data. The flaw enables boolean-based blind, error-based, and time-...
CVE-2026-27482
Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding o...
CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --dashboard-host=0.0.0.0), a web page via DNS rebinding o...