
26098 matches found

Positive Technologies
added 2026/05/29 12:0 a.m., 5 views

PT-2026-47582

Impact: A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches: Patched in 0.9.0a2. Disabling plugin signatur...

7.3 CVSS, 5.5 AI score
Exploits: 0, References: 6
Github Security Blog
added 2026/05/27 9:34 p.m., 24 views

Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

Description: Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: \d.+.\nu', whose \d.+ and . overlap on the dot, that exhibi...

5.8 AI score, 0.00076 EPSS
Exploits: 0, References: 6, Affected Software: 2
OSV
added 2026/05/27 2:17 p.m., 2 views

UBUNTU-CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers. Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type. That value is outside the range covered by icmp_pointers, which only describes the traditional ICMP...

8.2 CVSS, 5.6 AI score, 0.0007 EPSS
Exploits: 0, References: 3
OSV
added 2026/05/27 1:31 p.m., 3 views

ROOT-OS-DEBIAN-12-CVE-2018-5709 CVE-2018-5709 in rootio-krb5 - Patched by Root

Root has patched CVE-2018-5709 in the rootio-krb5 package for Root:Debian:12. Multiple fixed versions available...

7.5 CVSS, 8.3 AI score, 0.0164 EPSS
Exploits: 0
OSV
added 2026/05/27 1:31 p.m., 5 views

ROOT-OS-DEBIAN-12-CVE-2024-26461 CVE-2024-26461 in rootio-krb5 - Patched by Root

Root has patched CVE-2024-26461 in the rootio-krb5 package for Root:Debian:12. Multiple fixed versions available...

7.5 CVSS, 5.4 AI score, 0.00081 EPSS
Exploits: 1
OSV
added 2026/05/27 11:14 a.m., 7 views

ROOT-OS-DEBIAN-12-CVE-2022-0563 CVE-2022-0563 in rootio-util-linux - Patched by Root

Root has patched CVE-2022-0563 in the rootio-util-linux package for Root:Debian:12. Multiple fixed versions available...

5.5 CVSS, 5.5 AI score, 0.00025 EPSS
Exploits: 0
Nuclei
added 2026/05/27 12:33 a.m., 122 views

SAP Solution Manager 7.2 - Remote Command Execution

SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...

10 CVSS, 7.7 AI score, 0.94152 EPSS
Exploits: 7, References: 7
Positive Technologies
added 2026/05/27 12:0 a.m., 5 views

PT-2026-44140

Description: symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...

5.3 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43630

Impact: The two parsers resolved duplicates inconsistently and silently:
- Content.disposition retained the last occurrence of each parameter.
- Content.type retained the first occurrence of charset and boundary.
Either behavior creates a parameter-smuggling primitive when another component in the...

7.7 CVSS, 5.7 AI score, 0.00052 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/05/27 12:0 a.m., 6 views

PT-2026-44145

Name of the Vulnerable Software and Affected Versions: symfony/monolog-bridge versions prior to 5.4.52; symfony/monolog-bridge versions prior to 6.4.40; symfony/monolog-bridge versions prior to 7.4.12; symfony/monolog-bridge versions prior to 8.0.12; symfony/symfony versions prior to 5.4.52...

9.3 CVSS, 6.5 AI score, 0.01261 EPSS
Exploits: 0, References: 8
Cvelist
added 2026/05/26 11:15 p.m., 29 views

CVE-2026-9605 GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based overflow

A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be...

7.5 CVSS, 0.00076 EPSS
Exploits: 0, References: 7
RedHat Linux
added 2026/05/26 6:40 a.m., 5 views

gnutls: Fix use-after-free in gnutls_pkcs11_token_set_pin

No description is available for this CVE...

5.8 AI score
Exploits: 0, References: 4
SUSE CVE
added 2026/05/26 1:54 a.m., 17 views

SUSE CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

7.5 CVSS, 6.8 AI score, 0.00025 EPSS
Exploits: 0, References: 3
Oracle linux
added 2026/05/26 12:0 a.m., 11 views

glibc security update

2.28-251.0.4.37 - Forward port of Oracle patches Reviewed-by: David Faust Oracle history: May-7-2026 Cupertino Miranda - 2.28-251.0.4.34 - Forward port of Oracle patches Reviewed-by: Jose E. Marchesi March-18-2026 Cupertino Miranda - 2.28-251.0.4.31 - Forward port of Oracle patches Reviewed-by:...

7.5 CVSS, 5.8 AI score, 0.00084 EPSS
Exploits: 1
Positive Technologies
added 2026/05/26 12:0 a.m., 4 views

PT-2026-47096

A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

5.6 AI score
Exploits: 0, References: 10
Positive Technologies
added 2026/05/26 12:0 a.m., 12 views

PT-2026-44374

Name of the Vulnerable Software and Affected Versions: Notepad++ versions prior to 8.9.6.1. Description: Multiple issues exist in the software, including a buffer over-read in the inter-process communication mechanism that can lead to a denial of service. Additionally, remote code execution is...

4.6 CVSS, 6.6 AI score, 0.00012 EPSS
Exploits: 1, References: 15
OSV
added 2026/05/25 3:11 p.m., 6 views

ROOT-OS-DEBIAN-13-CVE-2026-47166 CVE-2026-47166 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-47166 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

5.7 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 0
OSV
added 2026/05/25 3:11 p.m., 6 views

ROOT-OS-DEBIAN-13-CVE-2026-46522 CVE-2026-46522 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-46522 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

7.5 CVSS, 5.8 AI score, 0.01061 EPSS
Exploits: 2
OSV
added 2026/05/25 7:28 a.m., 3 views

CLSA-2026-1779694105 Fix CVE(s): CVE-2026-42307

SECURITY UPDATE: fix shell-injection in netrw via crafted sftp:// and file:// URLs by escaping the tempfile name and restricting the filename-suffix regex to word characters runtime/autoload/netrw.vim, upstream patch 9.2.0383 - debian/patches/CVE-2026-42307.patch: fix shell-injection in netrw via...

4.4 CVSS, 5.8 AI score, 0.00224 EPSS
Exploits: 0, References: 1
Nuclei
added 2026/05/25 4:37 a.m., 92 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10 CVSS, 7.8 AI score, 0.94393 EPSS
Exploits: 11, References: 5