SUSE-SU-2026:1840-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264449. - CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present bsc1264450...

SUSE-SU-2026:21625-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix the following security issues: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264449. - CVE-2026-43500: rxrpc: unshare DATA/RESPONSE packets when paged frags are present bsc1264450...

RUSTSEC-2026-0118 NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...

CVE-2026-33911 OpenEMR vulnerable to reflected XSS in graphs.php via title parameter

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter title is reflected back in a JSON response built with jsonencode. Because the response is served with a text/html Content-Type, the browser...

CVE-2026-28424

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

CVE-2023-33992

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

Code injection

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

CVE-2023-33992

CVE-2023-33992 concerns the SAP BW BICS layer in SAP Business Warehouse and SAP BW/4HANA (SAP_BW 730–731, 740, 750; DW4CORE 100–300) where unauthorized cell values can be exposed in data responses. The asset’s data exposure arises from a missing authorization check at the data level; exploitation...

CVE-2009-4022

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...