SUSE CVE-2026-2229

ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

EUVD-2026-21609

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. packipv6 does not check that uncompressed IPv6 addresses without :: have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are accepted and produce packed values of...

Labcenter Electronics Proteus 缓冲区错误漏洞

Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided to...

Sonos Era 300 缓冲区错误漏洞

The Sonos Era 300 is a spatial audio speaker from the American company Sonos, equipped with Dolby Atmos technology. The Sonos Era 300 has a buffer error vulnerability, which stems from insufficient validation of the DataOffset field in SMB responses, potentially allowing remote code execution...

Python -- use-after-free vulnerability in decompressors under memory pressure

Seth Larson reports: There is a CRITICAL severity vulnerability affecting CPython. Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be...

Labcenter Electronics Proteus 缓冲区错误漏洞

Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided by...

Labcenter Electronics Proteus 缓冲区错误漏洞

Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided to...

SUSE SLES15 Security Update : kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1237-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1237-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues The following security issues were fixed: ...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

UBUNTU-CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

CVE-2026-40199

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...

EUVD-2026-21506

Step CA affected by an index out of bounds panic in TPM attestation EKU validation...

GHSA-XQ4J-G85Q-WF97 REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)

Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The function parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input function is injected into an exception message, then rendered by rexview::error...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the function parameter, which is concatenated into an API error message and rendered without HTML escaping. An attacker can execute arbitrary JavaScript code in the context of a backend user's session by...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the type parameter, which is concatenated into an API error message and rendered without HTML escaping. An attacker can execute arbitrary JavaScript code in the context of the backend session by crafting a...

SUSE-SU-2026:1261-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: - CVE-2025-40159: xsk: Harden userspace-supplied xdpdesc validation bsc1253404. - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoke...

CVE-2025-50659

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the customerror parameter in the /user.asp endpoint...

@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service

redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input...