1847 matches found
Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server
Description: This update fixes the following issues: branch-network-formula: Update to version 1.1.0; Enable containers on SLE15SP7; Exclude podman interfaces from sysctl setting. cobbler: Compatibility fixes for tftpboot directory setup. inter-server-sync: Version 0.3.10-0; Write log to a rotated fil...
SUSE-SU-2026:20830-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues. The following security issues were fixed: - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644). - CVE-2025-71085: ipv6: BUG in pskb_expand_head as part of calipso_skbuff_setattr...
SUSE SLES12 Security Update : kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:0970-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0970-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.275 fixes various security issues. The following security issues were fixed: -...
Fedora 44 : python-diskcache (2026-56264d0a56)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-56264d0a56 advisory. Incorporate patch from Sam Doran to fix CVE-2025-69872 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Ory Oathkeeper has an authentication bypass by cache key confusion
Description: Ory Oathkeeper is vulnerable to authentication bypass due to cache key confusion. The oauth2_introspection authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and...
CLSA-2026-1773772035 Fix CVE(s): CVE-2025-23048
SECURITY UPDATE: SNI validation issue in mod_ssl - debian/patches/CVE-2025-23048.patch: update SNI validation to move the SSL compatibility check after strict SNI hostname verification in modules/ssl/ssl_engine_kernel.c. - CVE-2025-23048...
Security Bulletin: IBM Rhapsody Systems Engineering is using qs-6.14.0 which is vulnerable to CVE-2025-15284
Summary: A security vulnerability was identified in the QS package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details: CVEID: CVE-2025-15284 DESCRIPTION: Improper...
CVE-2026-3949
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...
Oracle Linux 8 : libvpx (ELSA-2026-3967)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3967 advisory. 1.7.0-13 - Add patch for superframe index full Resolves: RHEL-150334 Tenable has extracted the preceding description block directly from the Oracle Linux securi...
CVE-2026-28410
The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441)...
TencentOS Server 4: capstone (TSSA-2026:0098)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0098 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2026-9158
In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151...
CVE-2026-28355
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
GHSA-MXW3-3HH2-X2MH Rack has a Directory Traversal via Rack::Directory
Summary: Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../root_example/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details: In directory.rb,...
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Summary: Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the javascript: scheme (e.g. javascript:alert(1)), the generated index includes an anchor whose href attribute is exactly...
PT-2026-20340
Name of the Vulnerable Software and Affected Versions: Blossom versions up to 1.17.1. Description: A flaw exists in Blossom that allows for cross-site scripting. The issue is located within the Article Title Handler component, specifically in the ArticleController.java file and its content function...
SUSE-SU-2026:20431-1 Security update for patch
This update for patch fixes the following issues: - CVE-2021-45261: invalid pointer via another_hunk function can cause a denial-of-service (bsc#1194037)...
OPENSUSE-SU-2026:20227-1 Security update for patch
This update for patch fixes the following issues: - CVE-2021-45261: invalid pointer via another_hunk function can cause a denial-of-service (bsc#1194037)...
PT-2026-6936
Name of the Vulnerable Software and Affected Versions: itsourcecode Society Management System version 1.0. Description: A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the /admin/edit expenses.php file, specifically through...