Security update for osslsigncode (critical)

openSUSE Security Update: Security update for osslsigncode Announcement ID: openSUSE-SU-2026:0115-1 Rating: critical References: 1260680 Cross-References: CVE-2025-70888 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...

Security update for osslsigncode (critical)

openSUSE Security Update: Security update for osslsigncode Announcement ID: openSUSE-SU-2026:0116-1 Rating: critical References: 1260680 Cross-References: CVE-2025-70888 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

CVE-2025-43202

This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption...

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

GO-2026-4891 act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act

act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act...

CVE-2026-34426

OpenClaw is affected in versions prior to commit b57b680, due to inconsistent environment variable normalization between approval and execution paths. This allows attackers to inject attacker-controlled environment variables into execution without proper approval validation, by exploiting differi...

CVE-2025-43264

CVE-2025-43264 is reported in the Apple macOS Sequoia 15.6 security content under the Model I/O component. The vulnerability is described as a memory corruption issue when processing a maliciously crafted image, which may corrupt process memory. Apple’s security notes list this CVE among other Mo...

CVE-2025-43202

CVE-2025-43202 is documented in connected sources as a memory corruption issue in libnetcore affecting macOS Sequoia 15.x and Apple mobile OSes (iOS/iPadOS). Apple’s security content for Sequoia 15.6 and iOS 18.6/iPadOS 18.6 lists this CVE among multiple fixes addressing memory handling in core c...

CVE-2025-43202

This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption...

CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

GHSA-H4WV-G838-66G3 Keycloak: Application-Level DoS via Scope Processing

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing

...

CVE-2026-5314

A flaw was found in Nothings stb, specifically within the stbttInitFontinternal function in the stbtruetype.h library. A remote attacker can exploit this vulnerability by performing a manipulation that leads to an out-of-bounds read. This can result in a Denial of Service DoS, making the affected...

CVE-2026-5317

A flaw was found in Nothings stb, a library used for processing audio. A remote attacker can exploit a vulnerability involving an out-of-bounds write within the startdecoder function. This issue could allow an attacker to cause the application to crash, disclose sensitive information, or corrupt...

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Versions of Apache Traffic Server 10.1.1 and earlier, as well as 9.2.12 and earlier versions, have security vulnerabilities. These vulnerabilities stem from defects in PO...

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Utils.selectbestencoding, which has a quadratic time complexity when processing Accept-Encoding headers...

PT-2026-33152

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description An out of bounds write in the GPU allows a remote attacker who has compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. An out of bounds write...