SUSE-SU-2026:21211-1 Security update for xwayland

This update for xwayland fixes the following issues: - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom bsc1260923. - CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence bsc1260924. - CVE-2026-34002: XKB...

SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2026:1330-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1330-1 advisory. - CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap bsc1260922. - CVE-2026-34000: XKB Out-of-bounds Rea...

CVE-2026-34002

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: hubble, stakater-reloader, flux-image-reflector-controller, temporal, external-secrets-operator, nfs-subdir-external-provisioner, secrets-store-csi-driver-provider-aws, flux-source-controller, metacontroller, nova, dgraph, spire-server, dataplaneapi,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: node-problem-detector, trillian, descheduler, sftpgo-plugin-geoipfilter, buildah, docker-credential-gcr, kubebuilder, kubernetes-csi-external-resizer, hugo-extended, pdfcpu, kubernetes-csi-external-attacher, task, nats, chartmuseum, cloud-sql-proxy, sbomqs, openbao,...

EUVD-2026-20898

fast-jwt: Stateful RegExp /g or /y causes non-deterministic allowed-claim validation logical DoS...

CVE-2026-35611

A flaw was found in Addressable. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing a maliciously crafted Uniform Resource Identifier URI to the URI template implementation. Specifically, certain URI templates using the explode modifier or multiple variables...

EUVD-2026-19788

Addressable has a Regular Expression Denial of Service in Addressable templates...

GHSA-H27X-RFFW-24P4 Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

PT-2026-30910

Name of the Vulnerable Software and Affected Versions Addressable versions 2.3.0 through 2.8.9 Description Addressable, an alternative URI implementation for Ruby, contains a flaw in its URI template implementation. Templates utilizing the '' explode modifier with any expansion operator e.g., foo...

Vulnerability fixed in PEAR

PEAR has fixed a vulnerability in version 1.33.0. The vulnerability is in how the pregreplace function handles the /e modifier. This poses a risk of unauthorized code execution, which could compromise the integrity of applications using this framework. The patch fixes this problem by ensuring tha...

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

UBUNTU-CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

CVE-2026-25237 PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

EUVD-2026-5198

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

PT-2026-6286

Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR, a framework for reusable PHP components, contains a flaw related to the use of the preg replace function with the /e modifier. This can lead to PHP code execution if attacker-controlled content i...