ROOT-OS-DEBIAN-13-CVE-2025-6069 CVE-2025-6069 in rootio-python3.13 - Patched by Root

Root has patched CVE-2025-6069 in the rootio-python3.13 package for Root:Debian:13. Multiple fixed versions available...

RHSA-2026:8521 Red Hat Security Advisory: libarchive security update

Bulletin has no description...

RHSA-2026:8468 Red Hat Security Advisory: .NET 8.0 security update

Bulletin has no description...

Security update for bind

This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

Security update for python-CairoSVG

This update for python-CairoSVG fixes the following issue: CVE-2026-31899: denial of service via recursive element amplification bsc1259690. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007562)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007562 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one Eric Dumazet...

nodejs:20 security update

nodejs 1:20.20.2-1 - Update to version 20.20.2 - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves:...

Tenable Security Center Multiple Vulnerabilities (TNS-2026-10)

According to its self-reported version, the Tenable Security Center running on the remote host is 6.5.0 through 6.8.0 and missing security patch SC-202604.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-10 advisory. - Missing validation of multibyte charact...

BIT-AUTHENTIK-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirecturi value received as an allowed redirect URI, without escaping...

BIT-AUTHENTIK-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik

authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...

BIT-AUTHENTIK-2024-37905 Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including...

@fastify/static vulnerable to route guard bypass via encoded path separators

Impact @fastify/static v9.1.0 and earlier decodes percent-encoded path separators %2F before filesystem resolution, but Fastify's router treats them as literal characters. This creates a routing mismatch: route guards on /admin/ do not match /admin%2Fsecret.html, but @fastify/static decodes it to...

CVE-2024-58343

Vision Helpdesk before 5.7.0 patched in 5.6.10 allows attackers to read user profiles via modified serialized cookie data to visclientid...

CVE-2026-33193

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting XSS attack due to improper handling of MIME type spoofing GHSL-2026-052. An attacker could exploit this flaw to inject malicious scripts, potentially...

RLSA-2026:8093 Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 For more details about the security issues, including the impact, a CVSS score,...

CVE-2026-40575

creationtimestamp| type| source ---|---|--- 2026-04-16 11:06:42+00:00| seen| https://ccb.belgium.be/advisories/warning-critical-authentication-bypass-oauth2-can-lead-unauthorized-data-access-patch 2026-04-22 01:19:23+00:00| seen| Telegram/LUR06ONloRlViUIW27ojzHZG9BE33b4Dag-8VffcgXgN8 2026-04-22...

ROOT-OS-DEBIAN-11-CVE-2024-38950 CVE-2024-38950 in rootio-libde265 - Patched by Root

Root has patched CVE-2024-38950 in the rootio-libde265 package for Root:Debian:11. Multiple fixed versions available...

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

apache-pdfbox-2.0.36-1.1 on GA media (moderate)

apache-pdfbox-2.0.36-1.1 on GA media Announcement ID: openSUSE-SU-2026:10550-1 Rating: moderate Cross-References: CVE-2026-3392 CVE-2026-33929 CVSS scores: CVE-2026-33929 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Tumbleweed An update that solves 2...

CLSA-2026-1776256710 binutils: Fix of CVE-2025-11082

CVE-2025-11082: Fix heap-based buffer overflow in bfdelfparseehframe triggered by crafted EH frame data; apply patches ea1a0737c769 and e4f355f13be...