CVE-2026-27612 Repostat Vulnerable to Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

MiracleLinux 7 : kernel-3.10.0-327.22.2.el7 (AXSA:2016-613:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-613:04 advisory. Security issues fixed with this release: CVE-2015-8767 net/sctp/smsideeffect.c in the Linux kernel before 4.3 does not properly manage the relationsh...

SUSE-SU-2025:4064-1 Security update for the Linux Kernel (Live Patch 60 for SUSE Linux Enterprise 15 SP3)

This update for the SUSE Linux Enterprise kernel 5.3.18-150300.59.215 fixes various security issues The following security issues were fixed: - CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path bsc1249841. - CVE-2022-50252: igb: Do not free qvector unless new one was allocated...

SUSE-SU-2025:4036-1 Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.136 fixes various security issues The following security issues were fixed: - CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249847. - CVE-2024-53164: net: sched: fix ordering of qlen adjustment...

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-1507005311 fixes several issues. The following security issues were fixed: CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631. CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY bsc1249207. Patch Instructions: To...

Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631. CVE-2025-38617: net/packet: fix a race in packetsetring and packetnotifier bsc1249208...

SUSE SLES15 Security Update : kernel (Live Patch 34 for SLE 15 SP4) (SUSE-SU-2025:03381-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03381-1 advisory. This update for the Linux Kernel 5.14.21-15040024144 fixes several issues. The following security issues were fixed: - CVE-2025-38177: schhfsc...

SUSE-SU-2025:03387-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024141 fixes several issues. The following security issues were fixed: - CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. - CVE-2025-38181: calipso: Fix null-ptr-deref in calipsoreqset,delattr bsc1246001. - CVE-2025-38498:...

Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024167 fixes several issues. The following security issues were fixed: CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. CVE-2025-38181: calipso: Fix null-ptr-deref in calipsoreqset,delattr bsc1246001. CVE-2025-38498: dochangetype:...

Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685. CVE-2025-38181: calipso: Fix...

Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001011 fixes several issues. The following security issues were fixed: CVE-2024-49860: ACPI: sysfs: validate return type of STR method bsc1231862. CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. CVE-2025-38109: net/mlx5: fix ECVF vpor...

CVE-2025-38618 vsock: Do not allow binding to VMADDR_PORT_ANY

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...

CVE-2025-22109

In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...