USN-8073-1: QEMU vulnerabilities

It was discovered that the UHCI controller implementation of QEMU could be brought into an invalid state. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2024-8354 It was discovered that QEMU incorrectly handled memory durin...

K000160227: Linux kernel vulnerability CVE-2025-37849

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvmarchvcpucreate fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data...

CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

CVE-2025-48635

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-47384

Transient DOS when MAC configures config id greater than supported maximum value...

CVE-2025-50195

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

SUSE CVE-2026-25518

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

SUSE CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

SUSE CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

GHSA-84XH-PWC6-7G4G vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

CVE-2025-23419 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller...

CVE-2025-23419 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

GHSA-84XH-PWC6-7G4G vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

BIT-DISCOURSE-2026-26973 Discourse doesn't scope reviewable notes to user-visible reviewables

Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR Insecure Direct Object Reference in ReviewableNotesController. When enablecategorygroupmoderation is enabled, a user belonging to a category moderation group can create or delete thei...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

Mitsubishi Electric MELSEC iQ-F series 安全漏洞

The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller developed by Mitsubishi Electric, a Japanese company. The MELSEC iQ-F series contains security vulnerabilities, which stem from improper resource closure or release procedures. This could allow remote attackers to cause...

CVE-2025-48635

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-31328

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2024-31328

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2024-31328

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed...