30368 matches found

OSV
added 2026/03/05 12:33 p.m. | 3 views

ROOT-OS-DEBIAN-13-CVE-2026-26066 CVE-2026-26066 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-26066 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

CVSS 7.5 | AI score 5.9 | EPSS 0.00327
Exploits: 0

NVD
added 2026/03/05 6:16 a.m. | 3 views

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVSS 9.8 | EPSS 0.00372
Exploits: 3 | References: 1

NVD
added 2026/03/05 6:16 a.m. | 3 views

CVE-2026-29052

The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cross-Site Scripting (XSS) vulnerability in the Event Types of the HumHub Calendar module impacts users...

CVSS 6.9 | EPSS 0.00155
Exploits: 0 | References: 2

OSV
added 2026/03/05 5:51 a.m. | 3 views

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVSS 7.6 | AI score 6 | EPSS 0.00372
Exploits: 3 | References: 3

OSV
added 2026/03/05 2:16 a.m. | 2 views

AZL-79431 CVE-2026-3381 affecting package qt5-qtbase 5.12.11-19

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...

CVSS 9.8 | AI score 5.7 | EPSS 0.00548
Exploits: 1 | References: 1

Github Security Blog
added 2026/03/05 12:12 a.m. | 16 views

TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

CVSS 9.8 | AI score 6.2 | EPSS 0.00476
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/03/05 12:0 a.m. | 2 views

PT-2026-23505

Name of the Vulnerable Software and Affected Versions The Graph versions prior to 3.0.0 Description A flaw exists in the token vesting contracts of The Graph protocol. This issue allows users to access tokens before they are released according to their vesting schedule. The problem was addressed...

CVSS 5.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/05 12:0 a.m. | 7 views

PT-2026-23508

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.98.0 Frappe versions prior to 14.100.0 Description Frappe is a full-stack web application framework. A flaw exists due to insufficient validation during document sharing, potentially allowing a user to share a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/05 12:0 a.m. | 1 views

SUSE SLES15 Security Update : kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:0731-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0731-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes various security issues The following security issues were fixed: ...

CVSS 7.8 | AI score 6.1 | EPSS 0.00195
Exploits: 0 | References: 10

OpenVAS
added 2026/03/05 12:0 a.m. | 6 views

openSUSE Security Advisory (SUSE-SU-2026:0777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6 | EPSS 0.0053
Exploits: 4 | References: 12

ATTACKERKB
added 2026/03/04 9:47 p.m. | 6 views

CVE-2025-66024

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

CVSS 8.6 | AI score 5.8 | EPSS 0.00353
Exploits: 3 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/03/04 6:18 p.m. | 6 views

Dark Reader gives users the ability to request style sheets from local web servers

Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, if an address was available and returned a text/css content type. Patches The problem was fixed in...

CVSS 3.4 | AI score 5.9 | EPSS 0.00108
Exploits: 0 | References: 3 | Affected Software: 1

SUSE Linux
added 2026/03/04 12:33 p.m. | 3 views

Security update for libxslt

This update for libxslt fixes the following issues: CVE-2025-10911: use-after-free will be fixed on libxml2 side instead bsc1250553. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

CVSS 6.8 | AI score 5.9 | EPSS 0.00139
Exploits: 0 | References: 4

RedHat Linux
added 2026/03/04 8:55 a.m. | 6 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7.1 | EPSS 0.00476
Exploits: 0 | References: 2

GithubExploit
added 2026/03/04 4:54 a.m. | 137 views

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 - the startup trust dialog implementation. Clau...

CVSS 8.8 | AI score 6.2 | EPSS 0.29287
Exploits: 5

RedhatCVE
added 2026/03/04 1:56 a.m. | 4 views

CVE-2026-28396

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...

CVSS 7.1 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/04 12:0 a.m. | 4 views

PT-2026-23086

Name of the Vulnerable Software and Affected Versions CKEditor 5 versions prior to 47.6.0 Description CKEditor 5, a JavaScript rich-text editor, contains a cross-site scripting (XSS) issue within the General HTML Support feature. This issue arises from the insertion of specially crafted markup,...

CVSS 6.4 | AI score 5.9 | EPSS 0.00268
Exploits: 0 | References: 8

Positive Technologies
added 2026/03/04 12:0 a.m. | 4 views

PT-2026-23076

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.4 Description Hono is a Web application framework supporting various JavaScript runtimes. A flaw exists where the event, id, and retry fields within the streamSSE function in the Streaming Helper were not properly...

CVSS 6.5 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 177

Tenable Nessus
added 2026/03/04 12:0 a.m. | 2 views

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:0674-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0674-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.5 fixes one security issue The following security issue was fixed: - CVE-2025-38129:...

CVSS 7.8 | AI score 7 | EPSS 0.00161
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/03 9:25 p.m. | 6 views

OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups

Summary In OpenClaw = 2026.2.25 Fix Commits - aedf62ac7e669a89c7b299201bf6537dc6b12e0e Release Process Note patchedversions is pre-set to the release 2026.2.25 so after npm release the advisory is published. Thanks @tdjackey for reporting...

CVSS 6.3 | AI score 6 | EPSS 0.00198
Exploits: 0 | References: 5 | Affected Software: 1