73894 matches found
SUSE-SU-2026:1313-1 Security update for freerdp2
This update for freerdp2 fixes the following issues: - Fix the CVE-2026-24684 patch, as the previous version wrongly deleted a check for an error condition bsc1257991...
Node.js: Denial of Service due to crafted HTTP `__proto__` header
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named `__proto__`. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...
CVE-2026-34264
The CVE concerns SAP Human Capital Management for SAP S/4HANA where during authorization checks the system returns messages that allow an authenticated, low-privilege user to guess and enumerate content beyond their scope. This leads to disclosure of sensitive information (confidentiality impact:...
GHSA-R7P8-XQ5M-436C Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially not clear ThreadLocal variables
Description as reported: A security vulnerability has been identified in Jetty's JaspiAuthenticator.java. The root cause is a failure to consistently clear authentication metadata stored in ThreadLocal during certain error or incomplete authentication flows. Specifically, after a...
Microsoft Windows Kernel Resource Management Error Vulnerability
The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Kernel, which can be exploited by an attacker to elevate privileges...
Adobe InCopy Buffer Error Vulnerability
Adobe InCopy is a text editing software for creative purposes developed by Adobe, Inc. Versions of Adobe InCopy such as 20.5.2 and 21.2 and earlier have a buffer error vulnerability. This vulnerability stems from an out-of-bounds read during the parsing of specially crafted files, which may allow...
Microsoft Word Buffer Error Vulnerability
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft. An information disclosure vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability to obtain sensitive information...
libsixel Input Validation Error Vulnerability
Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from an...
PT-2026-32976
Name of the Vulnerable Software and Affected Versions: free5GC versions 4.2.1 and earlier. Description: A fail-open request handling flaw exists in the UDR service. The PUT handler for the endpoint '/nudr-dr/v2/policy-data/subs-to-notify/subsId' does not terminate execution after request body...
PT-2026-33230
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. ...
Microsoft Windows Access Control Error Vulnerability
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. The Microsoft Windows RPC API contains a vulnerability related to access control errors. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...
Microsoft Excel Resource Management Error Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite of the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft PowerShell Input Validation Error Vulnerability
Microsoft PowerShell is a Microsoft-developed cross-platform task automation solution that includes a command-line shell, scripting language, and configuration management framework. A security feature bypass vulnerability exists in Microsoft PowerShell, which can be exploited by an attacker to...
Microsoft Windows Storage Spaces Controller Buffer Error Vulnerability
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a buffer error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...
Microsoft Windows Storage Spaces Controller Numeric Error Vulnerability
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a numerical error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain higher privileges. The following...
Microsoft Word Resource Management Error Vulnerability
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
Adobe Framemaker Buffer Error Vulnerability
Adobe Framemaker is a page layout software developed by Adobe Inc. in the United States, used for writing and editing large or complex documents, including structured documents. Versions of Adobe Framemaker prior to 2022.8 contained a buffer error vulnerability. This vulnerability stemmed from...
SUSE SLES15 Security Update : kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1271-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1271-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues. The following security issues were fixed: -...
SUSE SLES15 Security Update : kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1284-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1284-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.25 fixes various security issues. The following security issues were fixed: -...
Microsoft Word Resource Management Error Vulnerability
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...