Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: brotli (UTSA-2026-005387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005387 advisory. Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism...

PT-2026-23024

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...

CVE-2026-1876 Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series Ethernet module

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition on the products by continuously sending UDP packets to the products. A...

Security update 5.1.2 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header paramete...

SUSE-SU-2026:0623-1 Security update for python-tornado

This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. - CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904...

Linux Distros Unpatched Vulnerability : CVE-2025-14905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This...

CLSA-2026-1771248733 Fix CVE(s): CVE-2025-68618, CVE-2025-69204

SECURITY UPDATE: Malicious SVG file resulted in a DoS attack - debian/patches/CVE-2025-68618.patch: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-68618 SECURITY UPDATE: WriteSVGImage function, using an int variable to store numberattributes caused an integer overflow a...

CVE-2025-1924

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...

CVE-2025-54147

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...

CVE-2026-0958

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

PT-2026-7545

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service DoS attack. The issue is a NULL pointer dereference...

Important: Red Hat Security Advisory: brotli security update

An update for brotli is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.13 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16480)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16480 advisory. - Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30....

AZL-76781 CVE-2025-47911 affecting package containernetworking-plugins 1.1.1-17

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-76836 CVE-2025-47911 affecting package cni-plugins for versions less than 1.3.0-11

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

RockyLinux 10 : python3.12 (RLSA-2026:1828)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1828 advisory. cpython: Excessive read buffering DoS in http.client CVE-2025-13836 cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of...

CVE-2025-63656

An out-of-bounds read in the headercmp function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

CVE-2025-63656

CVE-2025-63656 affects the Monkey server (commit f37e984) with an out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c). Exploitation is sufficient to cause a Denial of Service by receiving a crafted HTTP request. Connected sources (Red Hat advisory, NVD/NVL records, Attacker...

CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...

RHEL 8 : python3.11 (RHSA-2026:1374)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1374 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...