30368 matches found

RedhatCVE
added 2026/02/03 3:11 a.m. | 11 views

CVE-2026-1738

A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwctunneladd of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published...

6.9 CVSS | 5.1 AI score | 0.00659 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/02/03 12:25 a.m. | 26 views

CVE-2025-11261 Stored i18n XSS exposed by security patch for T402077

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

0.00225 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/03 12:25 a.m. | 1 views

CVE-2025-11261 Stored i18n XSS exposed by security patch for T402077

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

5.3 AI score | 0.00225 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-6447

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

5.3 CVSS | 6 AI score | 0.00307 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-6296

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A stack-based buffer overflow exists in the icFixXml function when processing malformed ICC profiles. This...

7.8 CVSS | 6.2 AI score | 0.00201 EPSS
Exploits: 1 | References: 8
OPENSUSE Linux
added 2026/02/03 12:0 a.m. | 2 views

Security update for chromium (moderate)

openSUSE security update: security update for chromium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20156-1 Rating: moderate References: bsc1257404 Cross-References: CVE-2026-1504 Affected Products: openSUSE Leap 16.0...

6.5 CVSS | 5.3 AI score | 0.00224 EPSS
Exploits: 1 | References: 1
OSV
added 2026/02/02 9:19 a.m. | 3 views

ROOT-OS-UBUNTU-2404-CVE-2026-24882 CVE-2026-24882 in rootio-gnupg2 - Patched by Root

Root has patched CVE-2026-24882 in the rootio-gnupg2 package for Root:Ubuntu:24.04. Multiple fixed versions available...

8.4 CVSS | 5.4 AI score | 0.00387 EPSS
Exploits: 1
OSV
added 2026/02/02 8:42 a.m. | 3 views

BIT-DISCOURSE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

5.4 CVSS | 5.4 AI score | 0.00162 EPSS
Exploits: 0 | References: 2
OSV
added 2026/02/02 8:42 a.m. | 2 views

BIT-DISCOURSE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9 CVSS | 5.3 AI score | 0.00146 EPSS
Exploits: 0 | References: 2
Android Security Bulletins
added 2026/02/02 12:0 a.m. | 11 views

Wear OS Security Bulletin—February 2026

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...

6.1 AI score
Exploits: 0
OPENSUSE Linux
added 2026/01/31 12:0 a.m. | 3 views

dirmngr-2.5.17-1.1 on GA media (moderate)

dirmngr-2.5.17-1.1 on GA media Announcement ID: openSUSE-SU-2026:10112-1 Rating: moderate Cross-References: CVE-2026-24881 CVE-2026-24882 CVE-2026-24883 CVSS scores: CVE-2026-24881 SUSE : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-24881 SUSE : 8.7...

8.8 CVSS | 5.9 AI score | 0.01468 EPSS
Exploits: 2
NVD
added 2026/01/30 3:16 p.m. | 4 views

CVE-2026-1684

A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcpreports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to...

7.5 CVSS | 0.00504 EPSS
Exploits: 1 | References: 7
EUVD
added 2026/01/30 2:43 p.m. | 4 views

EUVD-2026-4966

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...

6 CVSS | 5.9 AI score | 0.0042 EPSS
Exploits: 0 | References: 2
OSV
added 2026/01/30 2:16 p.m. | 1 views

CVE-2026-1682

A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The...

7.5 CVSS | 5.1 AI score
Exploits: 0 | References: 8
OSV
added 2026/01/30 9:47 a.m. | 3 views

ROOT-OS-DEBIAN-12-CVE-2025-68276 CVE-2025-68276 in rootio-avahi - Patched by Root

Root has patched CVE-2025-68276 in the rootio-avahi package for Root:Debian:12. Multiple fixed versions available...

5.5 CVSS | 5.4 AI score | 0.0014 EPSS
Exploits: 0
Tenable Nessus
added 2026/01/30 12:0 a.m. | 4 views

Photon OS 5.0: Linux PHSA-2026-5.0-0745

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0745. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8 CVSS | 6.8 AI score | 0.00395 EPSS
Exploits: 0 | References: 17
Tenable Nessus
added 2026/01/30 12:0 a.m. | 6 views

Photon OS 4.0: Net PHSA-2026-4.0-0946

An update of the net package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0946. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid29724...

9.8 CVSS | 5.8 AI score | 0.4269 EPSS
Exploits: 2 | References: 2
Tenable Nessus
added 2026/01/30 12:0 a.m. | 5 views

Photon OS 5.0: Grub2 PHSA-2026-5.0-0742

An update of the grub2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0742. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.8 CVSS | 5.1 AI score | 0.0019 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/29 9:53 p.m. | 5 views

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3 CVSS | 6.1 AI score | 0.00559 EPSS
Exploits: 0 | References: 3
OSV
added 2026/01/29 1:19 p.m. | 1 views

ROOT-OS-DEBIAN-12-CVE-2026-22693 CVE-2026-22693 in rootio-harfbuzz - Patched by Root

Root has patched CVE-2026-22693 in the rootio-harfbuzz package for Root:Debian:12. Multiple fixed versions available...

5.3 CVSS | 5.4 AI score | 0.00377 EPSS
Exploits: 1