CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

EUVD-2026-38225

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

CVE-2026-56422

CVE-2026-56422 affects MISP core controllers and models where client-controlled fields (ids and ownership/scope keys such as event_id, org_id, user_id, sharing_group_id, galaxy_cluster_uuid, organisation_uuid, etc.) were not consistently stripped or revalidated, enabling an authenticated user to ...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished...

SUSE-SU-2026:2482-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished...

Resource Exhaustion

joserfc is vulnerable to Resource Exhaustion. The vulnerability is due to missing payload size validation for RFC7797 b64=false JWS payloads, where oversized payloads bypass the configured maximum payload length check, and attackers can exploit it by submitting large JWS tokens that consume...

RHSA-2026:27735 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

RHSA-2026:27731 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

RHSA-2026:27729 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

RHSA-2026:27719 Red Hat Security Advisory: kernel security update

Bulletin has no description...

RHSA-2026:27708 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

RHSA-2026:26566 Red Hat Security Advisory: xorg-x11-server-Xwayland security, bug fix, and enhancement update

Bulletin has no description...

SQL Injection

Overview doris-mcp-server is an Enterprise-grade Model Context Protocol MCP server implementation for Apache Doris Affected versions of this package are vulnerable to SQL Injection via the metadata query path. An attacker can gain unauthorized access to metadata outside the intended database scop...

SUSE-SU-2026:22242-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers bsc1236533. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

SUSE-SU-2026:22249-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state

A flaw was found in the Linux kernel's libceph OSD client. When a connection fault occurs during a sparse read, the sparse-read state is not properly reset. This allows a misbehaving or compromised Ceph OSD server, or a network adversary, to disrupt traffic. As a result, the client can misinterpr...

kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

CVE-2026-12805

A flaw was found in OFFIS DCMTK. A remote attacker could exploit this vulnerability by manipulating input to the XMLNode::parseFile function. This can lead to a heap-based buffer overflow, a type of memory corruption, which may result in information disclosure or denial of service. Mitigation Use...

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...