PT-2026-34454

Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description An out-of-bounds heap read/write issue exists in the GGUF model quantization engine. An attacker can exploit this by uploading a specially crafted GPT-Generated Unified Format GGUF file to the...

CLSA-2026-1776776980 Fix CVE(s): CVE-2023-52425

SECURITY UPDATE: quadratic re-parsing DoS with large tokens - debian/patches/CVE-2023-52425.patch: add callProcessor wrapper with reparse deferral heuristic in expat/lib/xmlparse.c, add XMLSetReparseDeferralEnabled API in expat/lib/expat.h. - CVE-2023-52425...

Security update for rekor

This update for rekor rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007496 advisory. In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task ...

CLSA-2026-1776262694 Fix CVE(s): CVE-2026-0968

SECURITY UPDATE: null pointer dereference and out-of-bounds read in sftpparselongname when processing malformed SSHFXPNAME messages - debian/patches/CVE-2026-0968.patch: add null check, input validation, and end-of-string guards in sftpparselongname - CVE-2026-0968...

Security update for freerdp

This update for freerdp fixes the following issues: Security fixes: CVE-2026-26271: Buffer overread in FreeRDP icon processing bsc1258979. CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler bsc1258982. CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression...

SUSE CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CLSA-2026-1776178825 Fix of 8 CVEs

SECURITY UPDATE: fix vulnerability in stream handling - debian/patches/CVE-2025-53019.patch: fix vulnerability in stream handling - CVE-2025-53019 SECURITY UPDATE: fix integer overflow in resize - debian/patches/CVE-2025-55212.patch: fix integer overflow in resize - CVE-2025-55212 SECURITY UPDATE...

SUSE SLES15 Security Update : kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1225-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1225-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.73 fixes various security issues The following security issues were fixed: -...

PT-2026-32979

Name of the Vulnerable Software and Affected Versions next-intl versions prior to 4.9.1 Description Applications using the middleware with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host. This occurs...

CVE-2026-5603 elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...

PT-2026-30325

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.17.0 Description Directus SSO login pages were missing the Cross-Origin-Opener-Policy COOP HTTP response header. This allowed a malicious cross-origin window to access and manipulate the window object of the...

GHSA-H2JQ-G4CQ-5PPQ Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

PT-2026-29924

Summary Rack::Multipart::Parserhandle mime head parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An...

ROOT-OS-ALPINE-318-CVE-2023-48233 CVE-2023-48233 in rootio-vim - Patched by Root

Root has patched CVE-2023-48233 in the rootio-vim package for Root:Alpine:3.18. Multiple fixed versions available...

ROOT-OS-ALPINE-318-CVE-2023-38471 CVE-2023-38471 in rootio-avahi - Patched by Root

Root has patched CVE-2023-38471 in the rootio-avahi package for Root:Alpine:3.18. Multiple fixed versions available...

Fedora 44 : pypy (2026-496bf1e0dd)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-496bf1e0dd advisory. Fix jit backend for ppc64le and s390x Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

SUSE-SU-2026:1096-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues The following security issues were fixed: - CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. - CVE-2025-40258: mptcp: fix race condition in...

CVE-2026-32737

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...

GHSA-V3RJ-XJV7-4JMQ smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...