Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_130_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

ROOT-APP-NPM-CVE-2025-68154 CVE-2025-68154 in @rootio/systeminformation - Patched by Root

Root has patched CVE-2025-68154 in the @rootio/systeminformation package for Root:npm. Multiple fixed versions available...

EUVD-2026-34316

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

[slackware-security] net-tools

New net-tools packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/net-tools-201811030eebece-i586-4slack15.0.txz: Rebuilt. This update fixes a security issue: interface.c: Stack-based Buffer Overfl...

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

Fedora 43 : postfix (2026-e9fc21d7e2)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e9fc21d7e2 advisory. This is an update fixing CVE-2026-43964. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

SUSE-SU-2026:2200-1 Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.95 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit bsc1265224. ...

Nerdbank.MessagePack has Inefficient CPU Computation

Impact Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a On² algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add metho...

ROOT-APP-MAVEN-CVE-2024-50379 CVE-2024-50379 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2024-50379 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

Important: kernel-livepatch-5.10.251-248.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-5.10.251-248.983 Issue Correction: Please ensure you have live patching enabled. Run yum update...

PT-2026-43466

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 18.0.0RC1 XWiki versions prior to 17.10.13 XWiki versions prior to 17.4.9 XWiki versions prior to 16.10.17 Description An insufficient patch allows for the discovery of password hashes one bit at a time by using modifie...

Astra Linux - уязвимость в flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak application that used persistent directories could access and write files outside of its usual access rights, which constituted an attack on integrity and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: HWS, fixed the issue where complex rule rehash operations failed. Moving rules from one matcher to another should not fail. However, if it does fail due to various reasons, the error handling mechanism should allow t...

Advisory ROSA-SA-2026-3269

software: angie 1.11.5 AXIS: ROSA-CHROME unaffected versions = angie-1.11.5-1 affected versions angie-1.11.5-1 CVE-ID: CVE-2026-42945 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A heap buffer overflow vulnerability in the ngxhttprewritemodule NGINX Plus and NGINX Open Source module allows an...

SUSE SLES15 Security Update : kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1873-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1873-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.203 fixes one security issue The following security issue was fixed: - CVE-2026-4328...

Important: kernel-livepatch-5.10.253-251.1014

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Oracle Linux 9 : libsoup (ELSA-2026-13978)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-13978 advisory. 2.72.0-12.6 - Backport patch for CVE-2026-5119 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

Oracle Linux 8 : libsoup (ELSA-2026-14087)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-14087 advisory. - Backport patch for CVE-2026-5119 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

SUSE-SU-2026:21562-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...