GHSA-WJ3P-5H3X-C74Q vulnerabilities

Vulnerabilities for packages: backup-restore-operator, backup-restore-operator-fips...

CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

EUVD-2026-38412

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

GHSA-298W-VVM4-WW55 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard, opensearch-dashboards, wazuh-dashboard-fips, opensearch-dashboards-fips...

CLEANSTART-2026-MJ26242 Security fixes for CVE-2026-41602, ghsa-wf45-q9ch-q8gh applied in versions: 1.300066.1-r0

Multiple security vulnerabilities affect the amazon-cloudwatch-agent-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

Security update for erlang26

This update for erlang26 fixes the following issues Security issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681...

SUSE-SU-2026:2010-1 Security update for erlang26

This update for erlang26 fixes the following issues Security issues: - CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. - CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. - CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc125968...

CLEANSTART-2026-EM93403 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-26958, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.18.0-r0, 0.19.0-r0, 0.19.0-r1

Multiple security vulnerabilities affect the prometheus-mysqld-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

EUVD-2026-30106

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

GHSA-V2FC-QM4H-8HQV vulnerabilities

Vulnerabilities for packages: pact-broker-docker, ruby4.0-rails, pact-broker-docker-fips, ruby3.3-rails, ruby3.4-rails, gitlab-rails-ce, gitlab-rails-ce-fips, ruby3.2-rails, kube-logging-operator...

PT-2026-38678

Name of the Vulnerable Software and Affected Versions BC-FJA versions 2.1.0 through 2.1.2 Description A cryptographic issue exists in BC-FIPS on Linux, X86 64, AVX, and AVX-512f architectures. This issue is associated with the program files "gcm128w" and "gcm512w". Recommendations At the moment,...

CVE-2026-42038 vulnerabilities

Vulnerabilities for packages: langfuse, opensearch-dashboards, saf, jitsucom-jitsu, wazuh-dashboard-fips, redisinsight, prism, langfuse-fips, kubeflow-centraldashboard, lerna, opensearch-dashboards-fips, wazuh-dashboard, kibana...

CLEANSTART-2026-DR81473 HashiCorp’s go-getter library up to v1

Multiple security vulnerabilities affect the harbor-scanner-trivy-fips package. HashiCorp’s go-getter library up to v1. See references for individual vulnerability details...

GHSA-GV3V-2CPP-3PMQ vulnerabilities

Vulnerabilities for packages: keycloak-fips, keycloak...

SUSE-SU-2026:0976-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 bsc1255111, jscSLE-18320: - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. - CVE-2026-27138:...