Security update for keylime
This update for keylime fixes the following issues: CVE-2025-13609: avoid re-registration of clients with same UUID but with different TPM identity (bsc#1254199). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2026:0217-1 Security update for keylime
This update for keylime fixes the following issues: - CVE-2025-13609: avoid re-registration of clients with same UUID but with different TPM identity (bsc#1254199)...
CVE-2025-68133
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new...
EUVD-2026-3677
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23946
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module, which is not enabled by default. This vulnerability allows Remote Code Execution (RCE) b...
SUSE CVE-2025-15367
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...
Tendenci code issues and vulnerabilities
Tendenci is a software solution developed by the Tendenci company in the United States, primarily used for managing associations of non-profit organizations and institutions. This software supports functions such as member management, content management, event management, and online donation...
PT-2026-3938
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279 B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...
Azure Linux 3.0 Security Update: gh (CVE-2024-53859)
The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53859 advisory. - go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21999)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21999 advisory. - In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race...
Azure Linux 3.0 Security Update: kernel (CVE-2024-49989)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49989 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37995)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37995 advisory. - In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe f...
Azure Linux 3.0 Security Update: nginx (CVE-2024-7347)
The version of nginx installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7347 advisory. - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker t...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46786)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46786 advisory. - In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer wh...
Oracle Primavera P6 Enterprise Project Portfolio Management (January 2026 CPU)
The versions of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and...
Azure Linux 3.0 Security Update: python3 (CVE-2023-6507)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6507 advisory. - An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38346)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38346 advisory. - In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym aft...
Azure Linux 3.0 Security Update: samba (CVE-2021-44142)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44142 advisory. - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26963)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26963 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module...
CVE-2026-22807
Vulnerability CVE-2026-22807 affects vLLM versions prior to 0.14.0, where during model resolution the engine loads Hugging Face auto_map dynamic modules without gating on trust_remote_code. This allows attacker-controlled Python code in a model repo or path to execute at server startup, before an...