
30236 matches found

SUSE Linux
added 2026/02/11 4:15 p.m., 2 views

Security update for munge

This update for munge fixes the following issues: CVE-2026-25506: buffer overflow in message unpacking (bsc#1257651). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed f...

7.7 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits 0, References 4
Cvelist
added 2026/02/11 12:15 p.m., 20 views

CVE-2026-22894 File Station 5

A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

5.3 CVSS, 0.00078 EPSS
Exploits 0, References 1
SUSE Linux
added 2026/02/11 9:26 a.m., 5 views

Security update for qemu

This update for qemu fixes the following issues: CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

8.7 CVSS, 5.7 AI score, 0.00118 EPSS
Exploits 0, References 4
RedhatCVE
added 2026/02/11 1:33 a.m., 2 views

CVE-2026-25493

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypa...

6.9 CVSS, 5.6 AI score, 0.00018 EPSS
Exploits 1, References 1
OSV
added 2026/02/11 12:00 a.m., 2 views

OPENSUSE-SU-2026:10176-1 freerdp2-2.11.7-4.1 on GA media

These are all security issues fixed in the freerdp2-2.11.7-4.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 5.8 AI score, 0.00868 EPSS
Exploits 9, References 9
Positive Technologies
added 2026/02/11 12:00 a.m., 4 views

PT-2026-7564

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync...

5.3 CVSS, 5.5 AI score, 0.00078 EPSS
Exploits 0, References 2
SUSE Linux
added 2026/02/10 2:15 p.m., 3 views

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer overflow (bsc#1257598). CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). Patch Instructions: To install this...

9.2 CVSS, 6 AI score, 0.01262 EPSS
Exploits 0, References 8
Microsoft Security Update
added 2026/02/10 10:00 a.m., 497 views

2026-02 .NET 8.0.24 Security Update for x64 Client (KB5077863)

2026-02 .NET 8.0.24 Security Update for x64 Client KB5077863...

5.4 AI score
Exploits 0
OSV
added 2026/02/10 9:58 a.m., 2 views

CLSA-2026-1770717529 Fix CVE(s): CVE-2025-69421

SECURITY UPDATE: check oct argument for NULL in PKCS12itemdecryptd2ie - debian/patches/CVE-2025-69421.patch: fix a NULL pointer dereference in the PKCS12itemdecryptd2iex function. - CVE-2025-69421...

7.5 CVSS, 7.2 AI score, 0.00128 EPSS
Exploits 1, References 1
NVD
added 2026/02/09 11:16 p.m., 3 views

CVE-2026-25939

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in the FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...

9.3 CVSS, 0.00022 EPSS
Exploits 1, References 3
ATTACKERKB
added 2026/02/09 7:32 p.m., 5 views

CVE-2026-2246

A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed...

4.8 CVSS, 4.8 AI score, 0.00009 EPSS
Exploits 0, References 8, Affected Software 1
ATTACKERKB
added 2026/02/09 7:02 p.m., 2 views

CVE-2026-2245

A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is...

4.8 CVSS, 5 AI score, 0.00018 EPSS
Exploits 0, References 9
NVD
added 2026/02/09 4:16 p.m., 2 views

CVE-2026-2240

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be use...

6.1 CVSS, 0.00027 EPSS
Exploits 1, References 8
NCSC
added 2026/02/09 10:41 a.m., 4 views

Vulnerability fixed in PEAR

PEAR has fixed a vulnerability in version 1.33.0. The vulnerability is in how the preg_replace function handles the /e modifier. This poses a risk of unauthorized code execution, which could compromise the integrity of applications using this framework. The patch fixes this problem by ensuring tha...

9.8 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/09 12:00 a.m., 4 views

PT-2026-7143

Name of the Vulnerable Software and Affected Versions: Craft versions 4.0.0-RC1 through 4.16.17; Craft versions 5.0.0-RC1 through 5.8.21. Description: The saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default...

6.9 CVSS, 5.4 AI score, 0.00018 EPSS
Exploits 1, References 13
RedhatCVE
added 2026/02/08 1:21 a.m., 3 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5 CVSS, 5.4 AI score, 0.00023 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/08 12:00 a.m., 3 views

PT-2026-7010

Name of the Vulnerable Software and Affected Versions: r-huijts xcode-mcp-server versions up to f3419f00117aa9949e326f78cc940166c88f18cb. Description: A command injection issue exists in the registerXcodeTools function within the src/tools/xcode/index.ts file of the run lldb component. Manipulation ...

6.5 CVSS, 5.3 AI score, 0.00376 EPSS
Exploits 1, References 9
RedhatCVE
added 2026/02/07 7:30 p.m., 3 views

CVE-2026-22592

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

6.5 CVSS, 5.2 AI score, 0.00019 EPSS
Exploits 1, References 1
NVD
added 2026/02/06 11:15 p.m., 6 views

CVE-2026-25754

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and...

7.2 CVSS, 0.00018 EPSS
Exploits 0, References 3
CVE
added 2026/02/06 10:37 p.m., 8 views

CVE-2026-25757

Spree (Ruby on Rails) is affected prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2. The root cause is that the OrdersController#show endpoint allows unauthenticated access to view completed guest orders by Order ID, and authorize_access does not enforce proper authorization for guest orders. Thi...

8.7 CVSS, 5.3 AI score, 0.00032 EPSS
Exploits 1, References 8, Affected Software 1