41 matches found

RedhatCVE
added 2026/06/05 7:18 p.m. | 7 views

CVE-2026-45055

CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in...

CVSS 8.1 | AI score 5.5 | EPSS 0.00031
Exploits: 0 | References: 1

NVD
added 2026/06/02 8:16 p.m. | 7 views

CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

CVSS 8.7 | EPSS 0.00031
Exploits: 0 | References: 1

Cvelist
added 2026/05/29 3:12 p.m. | 28 views

CVE-2026-33384 Session Fixation in QuickCMS

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

CVSS 4.8 | EPSS 0.00026
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/29 3:12 p.m. | 7 views

CVE-2026-33384

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

CVSS 4.8 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 3

OSV
added 2026/05/18 10:14 a.m. | 5 views

SUSE-SU-2026:21817-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes one security issue. The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

CVSS 8.8 | AI score 6.1 | EPSS 0.26337
Exploits: 30 | References: 3

OSV
added 2026/05/18 10:14 a.m. | 2 views

SUSE-SU-2026:21766-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes one security issue. The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

CVSS 8.8 | AI score 6.1 | EPSS 0.26337
Exploits: 30 | References: 3

OSV
added 2026/05/18 9:6 a.m. | 2 views

SUSE-SU-2026:21772-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes one security issue. The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

CVSS 8.8 | AI score 6 | EPSS 0.26337
Exploits: 30 | References: 3

Tenable Nessus
added 2026/05/10 12:0 a.m. | 4 views

SUSE SLES15 Security Update : kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1694-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1694-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.22 fixes various security issues. The following security issues were fixed: -...

CVSS 7.8 | AI score 7.1 | EPSS 0.02579
Exploits: 227 | References: 16

OSV
added 2026/05/05 10:37 p.m. | 3 views

SUSE-SU-2026:21530-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues. The following security issues were fixed: - CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful bsc1259126. - CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy...

CVSS 7.8 | AI score 5.8 | EPSS 0.02579
Exploits: 227 | References: 9

OSV
added 2026/05/05 5:32 p.m. | 3 views

SUSE-SU-2026:21521-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues. The following security issues were fixed: - CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful bsc1259126. - CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy...

CVSS 7.8 | AI score 6.1 | EPSS 0.02579
Exploits: 227 | References: 9

OSV
added 2026/04/22 4:51 p.m. | 1 view

SUSE-SU-2026:21306-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues. The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...

CVSS 7.8 | AI score 5.6 | EPSS 0.00033
Exploits: 0 | References: 5

RedhatCVE
added 2026/04/01 11:0 p.m. | 5 views

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVSS 6.1 | AI score 5.9 | EPSS 0.00043
Exploits: 1 | References: 1

Cvelist
added 2026/03/31 9:16 p.m. | 21 views

CVE-2026-34405 Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVSS 6.1 | EPSS 0.00043
Exploits: 1 | References: 1

CVE
added 2026/03/26 11:25 p.m. | 9 views

CVE-2026-33898

CVE-2026-33898 affects the Incus web UI local web server. Prior to v6.23.0, the server incorrectly validates the authentication token when provided in the URL, while the cookie stores the token correctly. An attacker who can access the temporary localhost web server can gain the same access as th...

CVSS 8.8 | AI score 5.9 | EPSS 0.00028
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/03/05 11:7 a.m. | 3 views

SUSE-SU-2026:20678-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-28.1 fixes one security issue. The following security issue was fixed: - CVE-2025-38129: page_pool: fix use-after-free in page_pool_recycle_in_ring bsc1258139...

CVSS 7.8 | AI score 7.1 | EPSS 0.00063
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/03 8:1 p.m. | 6 views

Ghost Vulnerable to Remote Code Execution via Malicious Themes

Impact: Specifically crafted malicious themes can execute arbitrary code on the server running Ghost. Vulnerable Versions: This vulnerability is present in Ghost v0.7.2 to v6.19.0. Patches: v6.19.1 contains a fix for this issue. Workarounds: Ghost generally recommends users refrain from installing...

CVSS 9.8 | AI score 6.2 | EPSS 0.0003
Exploits: 3 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/02/25 12:0 a.m. | 3 views

PT-2026-21845

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.7.2. Description: A crafted PDF file can cause an infinite loop when read, potentially impacting systems processing these files. The issue requires file reading to be triggered. Recommendations: Update to version 6.7.2 o...

CVSS 8.7 | AI score 5.9 | EPSS 0.00597
Exploits: 1 | References: 35

OSV
added 2026/01/19 3:28 p.m. | 2 views

SUSE-SU-2026:20393-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-28.1 fixes various security issues. The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show bsc1251787. - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline bsc125120...

CVSS 7.8 | AI score 6.9 | EPSS 0.00067
Exploits: 1 | References: 15

Positive Technologies
added 2026/01/13 12:0 a.m. | 3 views

PT-2026-3523

Name of the Vulnerable Software and Affected Versions: jaraco.context versions prior to 6.1.0. Description: jaraco.context, a software package providing decorators and context managers, contains a path traversal issue in the jaraco.context.tarball function. The issue allows attackers to extract file...

CVSS 8.6 | AI score 5.3 | EPSS 0.00101
Exploits: 1 | References: 37

RedhatCVE
added 2026/01/09 10:56 a.m. | 3 views

CVE-2022-38463

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

CVSS 6.1 | AI score 6.3 | EPSS 0.48128
Exploits: 0 | References: 1