CVE-2025-23186
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
CVE-2024-34688
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...
CVE-2024-41947
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...
CVE-2024-39672
Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability...
OPENSUSE-SU-2026:10021-1 coredns-1.14.0-1.1 on GA media
These are all security issues fixed in the coredns-1.14.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10024-1 libsoup-2_4-1-2.74.3-13.1 on GA media
These are all security issues fixed in the libsoup-2_4-1-2.74.3-13.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10023-1 libsoup-3_0-0-3.6.5-10.1 on GA media
These are all security issues fixed in the libsoup-3_0-0-3.6.5-10.1 package on the GA media of openSUSE Tumbleweed...
DoS (Denial of Service) ansi-regex Dependency in Jira Software Data Center and Server
This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.1.1, 10.3.13, 11.2.0 of Jira Software Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of code:java...
CVE-2025-65518
Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the getpassword.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service...
BIT-PHP-MIN-2025-14180 NULL Pointer Dereference in PDO quoting
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
OPENSUSE-SU-2026:10017-1 curl-8.18.0-1.1 on GA media
These are all security issues fixed in the curl-8.18.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10020-1 traefik-3.6.6-1.1 on GA media
These are all security issues fixed in the traefik-3.6.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10016-1 chromedriver-143.0.7499.192-1.1 on GA media
These are all security issues fixed in the chromedriver-143.0.7499.192-1.1 package on the GA media of openSUSE Tumbleweed...
ImageMagick-7.1.2.12-1.1 on GA media (moderate)
ImageMagick-7.1.2.12-1.1 on GA media Announcement ID: openSUSE-SU-2026:10012-1 Rating: moderate Cross-References: CVE-2025-68618 CVE-2025-68950 CVE-2025-69204 CVSS scores: CVE-2025-68618 SUSE : 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-68618 SUSE : 5.1...
DoS (Denial of Service) cross-spawn Dependency in Jira Software Data Center and Server
This High severity DoS (Denial of Service) vulnerability was introduced in versions 6.0.5 and 10.3.0 of Jira Software Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of code:java...
CVE-2025-31964
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...
CVE-2022-27580
A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges ...
CVE-2025-31964 HCL BigFix IVR is impacted by an improper service binding configuration
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...
python314-3.14.2-1.1 on GA media (moderate)
python314-3.14.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10011-1 Rating: moderate Cross-References: CVE-2025-12084 CVE-2025-13836 CVE-2025-13837 CVSS scores: CVE-2025-12084 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-12084 SUSE : 6.3...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000366)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000366 advisory. A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events t...