Vulnerability in contrib module (CVE-2026-2004)

PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the...

UBUNTU-CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

OPENSUSE-SU-2026:20199-1 Security update for micropython

This update for micropython fixes the following issues: Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in mpmaplookup via mpimportall bsc1257803. - Version 1.26.1 esp32: update esptinyusb component to v1.7.6 tools: add an environment variable MICROPYMAINTAINERBUILD esp32: add I...

SUSE-SU-2026:0434-1 Security update for gpg2

This update for gpg2 fixes the following issues: Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396 - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data 'Filename' Field bsc1256389...

CVE-2026-24322

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...

CVE-2026-0486

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted...

Huawei HarmonyOS camera module out-of-bounds write vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei HarmonyOS camera module, which stems from a lack of proper validation of user-supplied data by the...

Huawei HarmonyOS Window Module Authentication Bypass Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS window module, which can be exploited by an attacker to compromise confidentiality...

Huawei EMUI and Huawei HarmonyOS Communication Module Address Reading Vulnerability

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An address reading vulnerability exists in the Huawei EMUI and Huawei HarmonyOS communication module, which can b...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

Huawei HarmonyOS HDC module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from the HDC module failing to properly validate the length and size of input data,...

Huawei HarmonyOS HDC Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS HDC module, which can be exploited by an attacker to compromise confidentiality...

Huawei EMUI and Huawei HarmonyOS DFX Module Out-of-Bounds Write Vulnerability

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei EMUI and Huawei HarmonyOS DFX module, which can be...

UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010

This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

Huawei HarmonyOS Image Module Buffer Overflow Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS Image Module, which stems from the Image Module failing to properly validate the length and si...

CVE-2025-70085

An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames Source1Filename and the string returned by FileUtilFileStateStr into this buffer without any length checking and without using bounded format specifiers...

Huawei HarmonyOS Camera Module Type Obfuscation Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A type confusion vulnerability exists in the Huawei HarmonyOS camera module, which can be exploited by an attacker to cause usability to be compromised...

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

CVE-2025-69871

Summary: CVE-2025-69871 affects MedusaJS/Medusa v2.12.2 and earlier. The root cause is a race condition in the promotion module’s registerUsage() function, which performs a non-atomic read-check-update when enforcing usage limits. This can let unauthenticated remote attackers submit concurrent ch...