Malicious Package

Overview material-ui-plugin-cache-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

SUSE-SU-2026:2133-1 Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.37 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit bsc1265224. -...

SUSE-SU-2026:2131-1 Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.34 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. -...

Allocation of Resources Without Limits or Throttling

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSCache.asyncadd. Any unauthenticated host on the local link can exhaust system...

zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood

Impact DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...

DEBIAN-CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

UBUNTU-CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

EUVD-2026-33433

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

Imperva Customers Protected Against CVE-2026-45247 in Mirasvit Full Page Cache Warmer for Magento

TL;DR: CVE-2026-45247 is a critical unauthenticated remote code execution RCE vulnerability affecting Mirasvit Full Page Cache Warmer for Magento 2. The flaw stems from unsafe PHP deserialization of attacker-controlled data supplied through the CacheWarmer cookie. Successful exploitation can allo...

unbound security update

An update is available for unbound. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The unbound packages provide a validating, recursive, and caching DNS or DNSS...

RLSA-2025:11884 Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbound Cache poisoning CVE-2025-5994 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE...

OESA-2026-2463 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

WordPress LiteSpeed Cache plugin <= 7.7 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin LiteSpeed Cache versions = 7.7...

BIT-JOOMLA-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

UBUNTU-CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

EUVD-2026-33249

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...