SUSE-SU-2026:20822-1 Security update for systemd
This update for systemd fixes the following issues: Security issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid...
ITK Security Vulnerability
ITK is an open-source cross-platform tool suite for scientific image processing and segmentation, developed by the Insight Software Consortium. Versions of ITK prior to 2.7.1 contained security vulnerabilities, which were caused by integer overflow or wraparound errors...
ROS-20260324-73-0008
A vulnerability in the powerpc/eeh module of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260324-73-0034
A vulnerability in the davinci component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
Android ImageMagick Security Vulnerability
Android ImageMagick is an image processing library developed by Cherry’s individual developer for the Android platform. Versions of Android ImageMagick prior to 7.1.2-11 contained security vulnerabilities, which were caused by integer overflow or wraparound errors...
ART Security Vulnerability
ART is an open-source cross-platform RAW image processing program developed by ART raw image processor. Versions of ART prior to 1.25.12 contain security vulnerabilities, which stem from integer overflow or wraparound errors. These vulnerabilities may cause issues with the program file dcraw.C...
ROS-20260324-73-0005
A vulnerability in the mm/vmalloc.c component of the Linux kernel is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260324-73-0023
A vulnerability in the dtpmcpu component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
CVE-2026-33688
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames a...
CVE-2026-33688 AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames a...
EUVD-2026-14400
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...
CVE-2026-4633
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...
EUVD-2026-14380
Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...
ROS-20260323-73-0026
A vulnerability in the mcast component of the Linux operating system kernel is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260323-73-0012
A vulnerability in the pinctrl-msm component of the Linux kernel is related to resource release errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260323-73-0027
A vulnerability in the tmptcp components of the Linux operating system kernel is related to state management errors. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...
ROS-20260323-73-0018
A vulnerability in the xusb component of the Linux operating system kernel is related to state management errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260323-73-0022
A vulnerability in the appletalk component of the Linux operating system kernel is related to errors in updating the reference counter. Exploitation of the vulnerability allows an attacker to compromise data integrity and cause a denial of service...
PT-2026-27009
A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors. The attack may...
GHSA-RJCW-VG7J-M9RC Syft improper temporary file cleanup
Impact: Syft versions before v1.42.3 would not properly clean up temporary storage if the temporary storage was exhausted during a scan. When scanning archives, Syft will unpack those archives into temporary storage, then inspect the unpacked contents. Under normal operation Syft will remove the...