[SECURITY] Fedora 44 Update: gegl04-0.4.70-2.fc44

GEGL Generic Graphics Library is a graph based image processing framework. GEGLs original design was made to scratch GIMP's itches for a new compositing and processing core. This core is being designed to have minimal dependencies and a simple well defined API...

CVE-2026-32271 Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...

CVE-2026-32271

CVE-2026-32271 affects Craft Commerce (Craft CMS) in versions 4.0.0–4.10.2 and 5.0.0–5.5.4, where an SQL injection in the Commerce TotalRevenue widget allows any authenticated control panel user to achieve remote code execution. The exploit involves unsanitized widget settings interpolated into S...

CVE-2026-33737

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union...

SUSE-SU-2026:21107-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group bsc1259652. - CVE-2026-28387: potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL pointer dereference when processing...

CVE-2026-31427

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the cryptography package (CVE-2026-34073)

Summary The cryptography package is used by the z/TPF system as part of runtime metrics collection RTMC. Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS nam...

OPENSUSE-SU-2026:20519-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

[SECURITY] Fedora 43 Update: libpng-1.6.56-1.fc43

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

ABB System 800xA, Symphony Plus IEC 61850

SUMMARY This vulnerability was privately reported relating to ABB’s implementation of the IEC 61850 communication stack for MMS client applications used in some Automation control system products. Note: IEC 61850 communication typically supports MMS and GOOSE protocols. Some ABB products support...

PT-2026-32528

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 ImageMagick versions prior to 6.9.13-44 Description ImageMagick is software used for editing and manipulating digital images. The DestroyXMLTree function frees the memory of the XML tree recursively witho...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-19 and 6.9.13-44 contained security vulnerabilities. These vulnerabilities were due to a stack...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-19 and 6.9.13-44 contained security vulnerabilities. These vulnerabilities stemmed from the...

ALSA-2026:7682 Important: openexr security update

OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR. Security Fixes:...

Linux Distros Unpatched Vulnerability : CVE-2026-31427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsi...

📄 OpenSTAManager 2.9.8 Command Injection

OpenSTAManager versions 2.9.8 and below suffer from a command injection vulnerability via the P7M file processing functionality. CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69212 | | Severity | CRITIC...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which may lead to a overflow when the x25sock.fraglen variable is accumulated, potentially causing errors in data...