SUSE-SU-2026:21543-1 Security update for java-25-openjdk

This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.3+9 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...

CVE-2026-21989

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

PT-2026-3688

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists within the Portal component of Oracle PeopleSoft Enterprise PeopleTools that allows an unauthenticated attacker with network access via HTTP to compromise the system...

PT-2026-3677

Name of the Vulnerable Software and Affected Versions Oracle Solaris version 11 Description An issue exists within the Driver component of Oracle Solaris that could allow a high-privileged attacker with access to the system to compromise the operating system. Successful exploitation requires...

CVE-2020-10096

An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The...

CVE-2025-53053

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

EUVD-2017-1726

Malware in sbrugna...

EUVD-2021-21444

Malware in sbrugna...

EUVD-2018-14844

Malware in sbrugna...

EUVD-2017-1883

Malware in sbrugna...

EUVD-2022-35899

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-14876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1 -...

CVE-2025-4855

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sbencryption function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization...

CVE-2025-3648

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...

Medium: mariadb1011

Issue Overview: Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols ...

CVE-2025-49419 WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3...

CVE-2024-21030

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-12558

The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...

CVE-2021-2015

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks...

CVE-2020-14767

Vulnerability in the Hyperion BI+ product of Oracle Hyperion component: IQR-Foundation service. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Hyperion BI+. Successful...