PT-2026-39928

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description An OS Command Injection issue allows an authenticated attacker with administrative access to execute specially crafted shell commands on th...

PT-2026-40097

Improper input validation for some IntelR QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

ROS-20260512-73-0009

Vulnerability in beats related to unchecked array indexing. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...

OPENSUSE-SU-2026:10756-1 perl-Net-CIDR-0.270.0-2.1 on GA media

These are all security issues fixed in the perl-Net-CIDR-0.270.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10753-1 cosign-3.0.6-1.1 on GA media

These are all security issues fixed in the cosign-3.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-39917

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

PT-2026-39924

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

MozillaThunderbird-140.10.2-1.1 on GA media (moderate)

MozillaThunderbird-140.10.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10738-1 Rating: moderate Cross-References: CVE-2026-8090 CVE-2026-8092 CVE-2026-8094 CVSS scores: CVE-2026-8090 SUSE : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2026-8092 SUSE : 7.5...

Siemens Opcenter RDnL

SUMMARY Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adjacent network could use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue...

PT-2026-39921

Name of the Vulnerable Software and Affected Versions SAP S/4HANA SAP Enterprise Search for ABAP affected versions not specified Description An authenticated attacker can inject malicious SQL statements through user-controlled input. The application directly concatenates this input into SQL queri...

OPENSUSE-SU-2026:10762-1 rclone-1.74.1-1.1 on GA media

These are all security issues fixed in the rclone-1.74.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10754-1 kubectl-cnpg-1.29.1-1.1 on GA media

These are all security issues fixed in the kubectl-cnpg-1.29.1-1.1 package on the GA media of openSUSE Tumbleweed...

DoS (Denial of Service) at commons-fileupload dependency in Crucible Server

This High severity DoS Denial of Service vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a resource to...

BIT-LIBPYTHON-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

SUSE CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

PT-2026-39922

Name of the Vulnerable Software and Affected Versions SAP Commerce cloud affected versions not specified Description Improper Spring Security configuration allows an unauthenticated user to perform malicious configuration upload and code injection. This can result in arbitrary server-side code...

Unity Linux 20.1060e / 20.1070e Security Update: openjpeg2 (UTSA-2026-017599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017599 advisory. There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding...

Unity Linux 20.1060e / 20.1070e Security Update: openjpeg2 (UTSA-2026-017606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017606 advisory. There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg...