Hitachi Energy XMC20

SUMMARY Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the...

CLSA-2026-1769420040 python2: Fix of CVE-2025-12084

CVE-2025-12084: fix quadratic algorithm in clearidcache dependency, prevent impact on availability of excessively nested documents...

CVE-2026-23001

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...

CVE-2026-1415

A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gfmediaexportwebvttmetadata of the file src/mediatools/mediaexport.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and...

OPENSUSE-SU-2026:10090-1 google-osconfig-agent-20260119.00-1.1 on GA media

These are all security issues fixed in the google-osconfig-agent-20260119.00-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10089-1 gio-branding-upstream-2.86.3-2.1 on GA media

These are all security issues fixed in the gio-branding-upstream-2.86.3-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10092-1 java-17-openjdk-17.0.18.0-1.1 on GA media

These are all security issues fixed in the java-17-openjdk-17.0.18.0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10099-1 zli-2.1.14-1.1 on GA media

These are all security issues fixed in the zli-2.1.14-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10094-1 libmatio-devel-1.5.30-1.1 on GA media

These are all security issues fixed in the libmatio-devel-1.5.30-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10097-1 qemu-10.2.0-2.1 on GA media

These are all security issues fixed in the qemu-10.2.0-2.1 package on the GA media of openSUSE Tumbleweed...

Important: resource-agents security update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Security Fixes: urllib3: urllib3: Unbounded decompression chain leads to resource...

OPENSUSE-SU-2026:10088-1 cups-2.4.16-1.1 on GA media

These are all security issues fixed in the cups-2.4.16-1.1 package on the GA media of openSUSE Tumbleweed...

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.15.1 security update

Red Hat Advanced Cluster Management for Kubernetes 2.15 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.15 images Red Hat Advanced Cluster Management for Kubernetes provides...

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

SUSE CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

CVE-2026-24136

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference IDOR vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

PT-2026-4534

Name of the Vulnerable Software and Affected Versions Sourcecodester Domain Availability Checker version 1.0 Description A DOM-based Cross-Site Scripting XSS issue exists in the DomainCheckerApp class within the domain/script.js file. The application does not properly handle user-supplied data in...

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...