SUSE-SU-2026:21414-1 Security update for vim

This update for vim fixes the following issue: Update to version 9.2.0398. Security issues fixed: - CVE-2026-39881: missing sanitization in defineAnnoType and specialKeys can lead to arbitrary Ex command injection via a malicious NetBeans server bsc1261833...

PT-2026-35575

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract to json of the file src/entry.py. Performing a manipulation of the argument output filename results in sql injection. Remote exploitation of the attack is possible. The exploit has...

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-7135

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

CVE-2026-7135 GPAC MP4Box box_code_base.c elng_box_read out-of-bounds

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

CVE-2026-7135 GPAC MP4Box box_code_base.c elng_box_read out-of-bounds

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elngboxread of the file src/isomedia/boxcodebase.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack...

PT-2026-35448

A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng box read of the file src/isomedia/box code base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The...

netfilter: xt_multiport: validate range encoding in checkentry

...

CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

CVE-2026-7018

Datavane Datavines (up to build 13607645e14a4982468cfdbcf75c85cde63bae71) exposes a vulnerability in the JWT Token Handler component, specifically in TokenManager.java. Manipulation of the tokenSecret parameter can cause use of a hard-coded cryptographic key. The issue is exploitable remotely wit...

CVE-2026-7016 MaxSite CMS ushki Plugin cross site scripting

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument fushkanew/fushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...

CVE-2026-7015

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

EUVD-2026-25690

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...

CVE-2026-7014 MaxSite CMS down_count Plugin cross site scripting

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-7013

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2026-7013

MaxSite CMS (up to 109.3) contains a cross-site scripting (XSS) vulnerability in the mail_send plugin. An attacker can manipulate the f_subject, f_files, or f_from parameters to trigger XSS, with remote initiation and public disclosure of the exploit. The issue affects an unknown functionality wi...

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-7011 MaxSite CMS Antispam Plugin plugin_antispam cross site scripting

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

PT-2026-35236

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Adobe Commerce/Magento affected versions not specified Description An inappropriate implementation in FoldableAPIs allows a remote attacker who has compromised the renderer process to bypass site...