42 matches found
EulerOS Virtualization 2.12.1 : binutils (EulerOS-SA-2026-2071)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with...
GHSA-98QH-XJC8-98PQ vulnerabilities
Vulnerabilities for packages: nacos-docker, keycloak, nacos, apicurio-registry, camunda, hono, dependency-track, flyway-fips, dependency-track-apiserver, kayenta, sonarqube, apache-hop-fips, ghidra, seata, kayenta-fips, geoserver, nuxeo, debezium, thingsboard, keycloak-fips, guacamole-client,...
GHSA-46WH-PXPV-Q5GQ vulnerabilities
Vulnerabilities for packages: opensearch-dashboards, langfuse-fips, langfuse, wazuh-dashboard-fips, wazuh-dashboard, kibana, opensearch-dashboards-fips...
USN-8059-7: Linux kernel (AWS FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...
PT-2026-7849
Name of the Vulnerable Software and Affected Versions NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel versions prior to 20251215 Description The software contains an unrestricted file upload issue that allows access to functionality not...
CVE-2025-3950 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce, gitlab-workhorse-ce-fips, gitlab-workhorse-ce...
GHSA-3P78-2X5R-GJPP vulnerabilities
Vulnerabilities for packages: gitlab-operator-fips...
PT-2025-43686
Name of the Vulnerable Software and Affected Versions Bouncy Castle for Java FIPS versions 2.1.0 through 2.1.1 Bouncy Castle for Java LTS versions 2.73.0 through 2.73.7 Description An uncontrolled resource consumption issue exists in Bouncy Castle for Java FIPS and Bouncy Castle for Java LTS. The...
CVE-2025-10610
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...
CVE-2025-10610
CVE-2025-10610 corresponds to an SQL injection vulnerability in Winsure (SFS Winsure) caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected: Winsure versions up to 21.08.2025. Public documentation consistently describes the flaw and its impa...
CLSA-2025-1759223618 Update of kernel
Rebased FIPS patches to 5.14.0-570.46.1...
CLSA-2025-1758295568 Update of kernel
Rebased FIPS patches to 5.14.0-570.44.1...
GHSA-QJH3-4J3H-VMWP vulnerabilities
Vulnerabilities for packages: kyverno, kyverno-fips, flux, flux-fips...
The vulnerability of the biometric authentication function in Windows Hello on Windows operating systems allows an intruder to gain unauthorized access to protected information.
The vulnerability of the biometric authentication function in Windows Hello on Windows operating systems is related to errors in information processing. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
PT-2025-2702 · Qualcomm · Snapdragon +9
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption during the processing of FIPS encryption or decryption IOCTL calls invoked from user-space. This can lead to...
CVE-2024-51522
CVE-2024-51522 affects Huawei HarmonyOS in the Device Management Module, caused by improper processing of device information. The vulnerability potentially impacts availability (per NVD and Red Hat records); CVSS details indicate LOCAL attack with low complexity and no user interaction, but the e...
PT-2024-34686 · Unknown · Device Management Module
Name of the Vulnerable Software and Affected Versions: Device Management Module affected versions not specified Description: The issue is related to improper device information processing in the device management module. Successful exploitation of this issue may affect system availability...
Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...
The vulnerability of the OCC API Endpoint component in the SAP Commerce Cloud platform allows a perpetrator to gain unauthorized access to protected information or compromise data integrity.
The vulnerability of the OCC API Endpoint component in the SAP Commerce Cloud platform is related to errors in information processing. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information or compromise the integrity of data...
openshift: OCP & FIPS mode
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...