SUSE-SU-2026:21527-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange bsc1258005. - CVE-2026-23004: dst: fix races in...

MAL-2026-3341 Malicious code in runtime-probe (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0253bd4b8dc52c1fc510a9355b9d4178b7e891c7fc0226537a8769dffcef6d89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in runtime-readout (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db23da97c424ee374983aaaa3b955d423abe32f91c024f372142dc234ae522d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-40022

A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

EUVD-2026-27273

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

CVE-2026-43531 OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

SUSE CVE-2026-31740

In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: do not use struct rzmtu3channel's dev member The counter driver can use HW channels 1 and 2, while the PWM driver can use HW channels 0, 1, 2, 3, 4, 6, 7. The dev member is assigned both by the counter drive...

PT-2026-37287

Name of the Vulnerable Software and Affected Versions External Secrets Operator versions prior to 2.4.0 Description Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from a different namespace when the caProvider.namespace variable was set. This...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by Runtime type confusion. This vulnerability could allow a remote attacker to execute arbitrary code within a sandbox through a specially crafted HTM...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from editing bypasses, allowing authenticated gateway clients to receive unedited secrets through alias fiel...

Linux Distros Unpatched Vulnerability : CVE-2026-31740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - counter: rz-mtu3-cnt: do not use struct rzmtu3channel's dev member The counter driver can use HW channels 1 and 2, while the PWM driver can use HW channels 0, 1...

Linux Distros Unpatched Vulnerability : CVE-2026-31741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is writt...

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the too broad path-template matching in the runtime authentication layer. An attacker can cause sensitive authentication credentials to be sent to unintended endpoints that may...

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42809 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42809 Source advisory: OSV:GHSA-8GGJ-J522-H5QF...

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: OSV:GHSA-W76P-3CGP-QFCM...

org.apache.opennlp:opennlp-cli (>=3.0.0-M1 <=3.0.0-M2), org.apache.opennlp:opennlp-distr (>=3.0.0-M1 <=3.0.0-M2) +6 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-runtime (>=3.0.0-M1 <=3.0.0-M2)

org.apache.opennlp:opennlp-runtime MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 Source cves: CVE-2026-40682 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419378...

org.apache.polaris:polaris-admin (>=1.0.0-incubating <=1.4.0), org.apache.polaris:polaris-api-catalog-service (>=1.0.0-incubating <=1.4.0) +23 more potentially affected by CVE-2026-42811 via org.apache.polaris:polaris-core (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-core MAVEN version =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.3.0-incubating, =1.3.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 and more Source...

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42809 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42809 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422853...