CVE-2026-44394
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token function in the mapped...
CVE-2026-46103
A flaw was found in the Linux kernel's can: ucan USB driver. This vulnerability arises from incorrect management of device resource lifetimes, where resources are tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are unbound without the...
openSUSE 16 Security Update : log4cxx (openSUSE-SU-2026:20705-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20705-1 advisory. Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain...
OPENSUSE-SU-2026:20705-1 Security update for log4cxx
This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain characters not allowed by the XML 1.0 specification An XML configuration file with recursive...
SUSE SLES12 Security Update : kernel (Live Patch 64 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:0518-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0518-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.244 fixes various security issues. The following security issues were fixed: -...
SUSE-SU-2026:0515-1 Security update for the Linux Kernel (Live Patch 65 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise kernel 4.12.14-122.247 fixes various security issues. The following security issues were fixed: - CVE-2023-53321: wifi: mac80211_hwsim: drop short frames bsc1250314. - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers and...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004956)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004956 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992479)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992479 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular...
USN-7891-1 rust-openssl vulnerabilities
Matt Mastracci discovered that rust-openssl was incorrectly handling server lifetimes in certain functions. An attacker could possibly use this issue to cause a denial of service or run arbitrary memory content to the client. CVE-2025-24898 It was discovered that rust-openssl was incorrectly...
EUVD-2025-35689
Keycloak does not invalidate sessions when "Remember Me" is disabled...
CVE-2025-11429 Keycloak-server: too long and not settings compliant session
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...
CVE-2025-59451
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
EUVD-2025-32581
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
CVE-2025-59451
The connected sources confirm CVE-2025-59451 affects the YoSmart YoLink ecosystem: the YoLink MQTT broker and the YoLink API (through 2025-10-02) use session tokens with unexpectedly long lifetimes, enabling persistent unauthorized access. CISA’s advisory details additional risks tied to this vul...
PT-2025-40948
Name of the Vulnerable Software and Affected Versions: YoSmart YoLink application versions through 2025-10-02. Description: The YoSmart YoLink application has session tokens with unexpectedly long lifetimes. Recommendations: Update to a version later than 2025-10-02. At the moment, there is no...
EUVD-2022-55395
Malicious code in bioql PyPI...