OPENSUSE-SU-2026:20575-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 147.0.7727.55 boo1261758: CVE-2026-5858: Heap buffer overflow in WebML CVE-2026-5859: Integer overflow in WebML CVE-2026-5860: Use after free in WebRTC CVE-2026-5861: Use after free in V8 CVE-2026-5862: Inappropriate implementation in ...
Newsbull SQL Injection Vulnerability
Newsbull is a news website content management system developed by Gürkan Uzunca. Version 1.0.0 of Newsbull has a SQL injection vulnerability, which stems from insufficient input validation for the search parameters across multiple endpoints, potentially allowing SQL injection attacks...
Echo Mirage Buffer Error Vulnerability
Echo Mirage is a software tool developed by abhi1299, used for audio signal processing and echo effect simulation. Version 3.1 of Echo Mirage contains a buffer error vulnerability, which stems from insufficient input validation of the Rules operation field. This vulnerability may lead to a stack...
MyT SQL Injection Vulnerability
MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Chargegrouptotal parameter in the /charge/admin endpoint, which may lead to SQL injection...
VulnCheck KEV: CVE-2026-32201
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...
Libexif Input Validation Error Vulnerability
Libexif is a function library written in C language by the Libexif organization. This product is primarily used for reading and writing EXIF metadata from graphic files. Versions of Libexif prior to 0.6.25 contained a vulnerability related to input validation errors. This vulnerability stemmed fr...
eBrigade ERP SQL Injection Vulnerability
eBrigade ERP is a comprehensive business system for enterprise resource planning management developed by the French company eBrigade. Version 4.5 of eBrigade ERP contains a SQL injection vulnerability, which stems from insufficient input validation for the id parameter in the pdf.php file. This...
CVE-2026-31845
A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint /api/tel/zadarma.php. The application directly reflects user-supplied input from the 'zdecho' GET parameter into the HTTP response without proper...
OESA-2026-1902 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
SUSE CVE-2026-5329
Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring...
Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-5059 aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...
Labcenter Electronics Proteus Buffer Error Vulnerability
Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided to...
GIMP Input Validation Error Vulnerability
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a vulnerability related to input validation, which stems from integer overflow during the parsing of XPM files. This vulnerability may lead to remote code execution...
GIMP Input Validation Error Vulnerability
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a vulnerability related to input validation, which stems from integer overflow during the parsing of ANI files. This vulnerability may lead to remote code execution...
SUSE CVE-2026-32990
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...
basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands
Summary: basic-ftp's CRLF injection protection added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q is incomplete. Two code paths bypass the protectWhitespace control character check: (1) the login method directly concatenates user-supplied credentials into USER/PASS FTP commands without any validation,...
GHSA-3WQJ-33CG-XC48 Rembg has a Path Traversal via Custom Model Loading
Summary: A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...
CVE-2025-50649
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlanname parameter in the /shutset.asp endpoint...