CVE-2026-53169

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPUOPRESIZE commands from userspace NPUOPRESIZE is a U85-only command that the driver does not yet implement. The existing WARNON1 placeholder fires unconditionally whenever userspace submits this command via...

GHSA-HM7R-C7QW-GHP6 fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

CVE-2025-15367

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CLSA-2025-1767000167 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checks to prevent crashes and improperly escaped data when PostgreSQL rejects invalid strings...

BIT-LIBPHP-2025-1735 pgsql extension does not check for errors during escaping

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

SUSE CVE-2025-1735

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

Security update for python36

This update for python36 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch...

CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

CVE-2024-22413

Rejected reason: Further research determined the issue is not a vulnerability. The Creditcoin blockchain team takes the stance that there is no real bug or vulnerability here and that the creditcoin-cli command is working as it was designed to...

DBShield - Database Firewall Written In Go

Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones. How it works? For example, this is how web server normally interacts with database server: By adding DBShield in front of database server we can protect it against abnormal queries. To dete...