GO-2026-4754 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion in github.com/free5gc/ausf

free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion in github.com/free5gc/ausf...

OPENSUSE-SU-2026:20410-1 Security update for exiv2

This update for exiv2 fixes the following issues: Update to exiv2 0.28.8: - CVE-2024-24826: out-of-bounds read in QuickTimeVideo: NikonTagsDecoder bsc1219870. - CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo: multipleEntriesDecoder bsc1219871. - CVE-2024-39695:...

SUSE-SU-2026:0958-1 Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: - CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. - CVE-2022-50697: mrp: introduce active flags to prevent UAF when...

CVE-2026-2580

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...

SUSE-SU-2026:0954-1 Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues The following security issues were fixed: - CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. - CVE-2022-50697: mrp: introduce active flags to prevent UAF when...

SUSE-SU-2026:0939-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7 RT)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.5 fixes various security issues The following security issues were fixed: - CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds bsc1257629. - CVE-2025-38488: smb: client: fix use-after-free in...

Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7 RT)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. CVE-2025-40258: mptcp: fix race condition in...

Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7 RT)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.22 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed bsc125766...

SUSE SLES15 Security Update : kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7 RT) (SUSE-SU-2026:0940-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0940-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: -...

EUVD-2026-14160

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-4161

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-4161

CVE-2026-4161 involves the WordPress plugin “Review Map by RevuKangaroo.” The NVD/NVD-derived records state a Stored Cross-Site Scripting vulnerability in plugin settings for all versions up to 1.7, caused by insufficient input sanitization and output escaping. The impact requires authenticated a...

CVE-2026-4161 Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-4161 Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

WordPress plugin Review Map by RevuKangaroo 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-26879

Name of the Vulnerable Software and Affected Versions The Review Map by RevuKangaroo plugin for WordPress versions prior to 1.8 Description The plugin is susceptible to Stored Cross-Site Scripting through insufficient input sanitization and output escaping in the plugin settings. This allows...

WordPress Contact List plugin <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'clmapiframe' Parameter vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin Contact List versions = 3.0.18...

Security update for

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.25 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass...

Security update for

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.22 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed bsc125766...

CVE-2026-23278

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nftables component. This vulnerability occurs during transaction processing when the system incorrectly handles multiple pending catchall elements, particularly when the associated map is being removed. This can...