Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element during the archive decompression for PUT /containers/id/archive API requests. An attacker can execute arbitrary code on the host with daemon privileges by uploading a compressed archive containing a...

Failing Open

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Failing Open when handing multi-tenant HTTP requests ENABLEMULTITENANT=true containing one or neither of the x-n8n-url and x-n8n-key headers. An...

GHSA-QXCH-WHHJ-8956 multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...

Sulu: Used API Keys may be available via Admin API

Impact The users endpoint controller exposes a project's apiKey field to the logged-in user, provided they have permission for that endpoint. This only has impact if a project itself uses that specific field, Sulu itself does nothing with it and has no authentication per apiKey in its core. Patch...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the signing and verification logic before applying JWT.decode. An attacker can forge valid JWTs by supplying a crafted token that passes signature verification due to the acceptance of empty keys. Note: This i...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview org.asynchttpclient:async-http-client is a maven plugin for the Async Http Client AHC classes. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the propagatedHeaders method during cross-origin redirects,...

shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter

Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. CVE-2026-46300: net: skbuff: propagate shared-frag marker through...

CVE-2026-8802 opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...

CVE-2026-28732

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. CVE-2026-46300: net: skbuff: propagate shared-frag marker...

Security update for xen

This update for xen fixes the following issue CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the UERadioCapabilityCheckResponse function in the dispatcher.go file. An attacker can cause a denial of service by sending specially crafted remote requests that trigger a null pointer dereference...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the...

AlmaLinux 9 : libpng (ALSA-2026:18028)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:18028 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from th...

PT-2026-41716

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An issue exists in the open source video platform where the endpoint "objects/mention.json.php" lacks a User::loginCheck or admin gate. The endpoint only implements an entry guard using preg...

PT-2026-41631

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

PT-2026-41736

Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.71 FreePBX versions prior to 17.0.6 Description The backup module fails to properly sanitize data during restore operations. When extracting files from a user-supplied tar archive, the system reads malicious file...

TencentOS Server 3: gimp:2.8 (TSSA-2026:0324)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0324 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...