openSUSE 16 Security Update : enc (openSUSE-SU-2026:20948-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20948-1 advisory. Changes in enc: - CVE-2026-1229: Fix incorrect value bsc1265533 Bump circl to 1.6.3 - Update to 1.1.5: Update dependencies 10 - Update to 1.1.4: Update...

SUSE-SU-2026:22066-1 Security update for elemental-operator

This update for elemental-operator fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260277. Changes for elemental-operator: - Fix substitution - Fix reference in labels - Adapt labels to pass...

Security update for gosec (moderate)

openSUSE Security Update: Security update for gosec Announcement ID: openSUSE-SU-2026:0167-1 Rating: moderate References: Cross-References: CVE-2025-22891 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update for gosec...

Fedora 44 : fido-device-onboard (2026-9e223ca14f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9e223ca14f advisory. Automatic update for fido-device-onboard-0.5.5-8.fc44. Changelog for fido-device-onboard Wed Apr 01 2026 Peter Robinson - 0.5.5-8 - Rebuild for...

com.c0x12c:module-ai-image (>=0.12.0 <=0.13.11), com.c0x12c:module-ai-module-impl (>=0.5.0 <=0.13.11) +361 more potentially affected by CVE-2026-33013 via io.micronaut:micronaut-json-core (>=4.0.0-M1 <=4.10.15)

io.micronaut:micronaut-json-core MAVEN version =4.0.0-M1, =0.12.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.10.0, =0.8.0, =0.5.0, =0.2.15, =1.15.0.516, =0.0.41, =3.2.0, =3.5.0 and more Source cves: CVE-2026-33013 Source advisory: SNYK:JAVA-IOMICRONAUT-15682607...

GHSA-8FH9-C4JQ-94H4 idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability

idunno.Bluesky, idunno.AtProto and idunno.AtProto.OAuthCallback Denial of Service Vulnerability Impact The Microsoft.Bcl.Memory package, a transitive dependency of idunno.AtProto and idunno.AtProto.OAuthCallback had a Denial of Service security vulnerability, CVE-2026-26127 Patches v1.7.0 updates...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update to version 0.2.8+116. Security issues fixed: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908. Other updates and bugfixes: Update vendored crates time to version...

openSUSE 16 Security Update : sbctl (openSUSE-SU-2026:20105-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20105-1 advisory. Changes in sbctl: - Upgrade the embedded golang.org/x/net to 0.46.0 Fixes: bsc1251399, CVE-2025-47911: various algorithms with quadratic...

SUSE-SU-2025:21150-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots bsc1253703 - CVE-2025-12748: Fixed Denial of service in XML parsing bsc1253278 Other fixes: - spec: Adjust dbus dependency bsc1253642 - qemu: Add support for Intel TD...

SUSE-SU-2025:3783-1 Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.9.0.git21.a73f509. Security issues fixed: - CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 Update to version 0.2.8+12:...

SUSE SLES15 / openSUSE 15 Security Update : amber-cli (SUSE-SU-2025:02769-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02769-1 advisory. - Update to version 1.13.1+git20250329.c2e3bb8: CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsin...

BIT-HELM-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

Exploit for CVE-2025-53547

CVE-2025-53547 POC this is a poc for CVE-2025-53547 Chart.l...

GHSA-557J-XG8C-Q2MM Helm vulnerable to Code Injection through malicious chart.yaml content

A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Impact Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and thi...

Helm vulnerable to Code Injection through malicious chart.yaml content

A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Impact Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and thi...

CVE-2025-53547

Helm (Kubernetes package manager) before version 3.18.4 is affected by a code-execution vulnerability that arises when a specially crafted Chart.yaml content is carried over to Chart.lock during dependency updates, and the Chart.lock file is symlinked to a file that is executed (e.g., a bashrc or...

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

CVE-2025-6087

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

CVE-2024-47174

Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...