CVE-2026-24000 Fleet has a rate limiting bypass via untrusted client IP headers

Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limitin...

CVE-2026-33690

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr function in objects/functions.php trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-base...

PT-2026-27189

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. Versions up to and including 26.0 are affected by an issue where the getRealIpAddr function in objects/functions.php relies on user-controlled HTTP...

Security update for pcr-oracle, shim

This update for pcr-oracle, shim fixes the following issues: pcr-oracle: predict SbatLevelRT for the next boot bsc1230316 shim was updated to version 15.8: Update shim-install to use the 'removable' way for encrypted SL-Micro images bsc1230316 Always use the removable way for SL-Micro Limit the...

SUSE-SU-2024:1462-1 Security update for shim

This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm bsc1213945 - Limit the requirement of fde-tpm-helper-macros to the distro with suseversion 1600 and above bsc1219460 Update to version 15.8: Security issues fixed: - mok: fix LogError invocation...