SUSE SLED15 / SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2079-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when...

PT-2026-43623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

PT-2026-43645

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...

TencentOS Server 3: webkit2gtk3 (TSSA-2026:0393)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0393 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Astra Linux - уязвимость в webkit2gtk

This issue has been resolved through improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, and watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption...

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

EUVD-2026-30209

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

CVE-2026-39871

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data...

CVE-2026-39871

The CVE-2026-39871 entry describes a path handling issue in macOS that could allow an app to observe unprotected user data. The connected sources confirm fixes in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5, indicating the underlying problem was addressed through improved path...

CVE-2026-28903

CVE-2026-28903 is an Apple memory-management issue affecting web content processing that can crash the process. Connected sources describe multiple products affected (macOS Tahoe and other macOS variants; iOS/iPadOS; tvOS; visionOS; watchOS) with the root cause being improved memory handling to a...

CVE-2026-28914

A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks...

CVE-2026-42308

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

webkitgtk: Processing maliciously crafted web content may disclose internal states of the app

A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application...

Linux Distros Unpatched Vulnerability : CVE-2026-43153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfs: remove xfsattrleafhasname The calling convention of xfsattrleafhasname is problematic, because it returns a NULL buffer when xfsattr3leafread fails, a vali...

Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2026-3270 (ALAS-2026-3270)

The version of webkitgtk4 installed on the remote host is prior to 2.52.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3270 advisory. A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari...

USN-8136-2: Dovecot regression

USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An...

Azul Zulu Java Multiple Vulnerabilities (2026-04-21)

The version of Azul Zulu installed on the remote host is 6 prior to 6.79.0.14 / 7 prior to 7.85.0.12 / 8 prior to 8.93.0.18 / 11 prior to 11.87.18 / 17 prior to 17.65.18 / 21 prior to 21.49.18 / 25 prior to 25.33.16 / 26 prior to 26.30.12. It is, therefore, affected by multiple vulnerabilities as...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios (CVE-2026-39865, CVE-2025-62718, CVE-2026-25639, CVE-2026-40175)

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios CVE-2026-39865, CVE-2025-62718, CVE-2026-25639, CVE-2026-40175. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-39865 DESCRIPTION: Axios is a promise based...