EUVD-2026-5226

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and...

EUVD-2026-5228

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

CVE-2026-24667

CVE-2026-24667 concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, the system failed to invalidate active user sessions after a password change, allowing existing session tokens to remain usable and potentially granting unauthorized continued access to user accounts. Th...

CVE-2026-24673 Open eClass Has File Upload Filter Bypass via ZIP Archive Extraction

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the...

CVE-2026-24671 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

CVE-2026-24670 Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

Security update for libsodium

This update for libsodium fixes the following issues: CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764. Patch Instructions: T...

CVE-2026-1738

A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwctunneladd of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published...

CVE-2025-11261 Stored i18n XSS exposed by security patch for T402077

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

CVE-2025-11261 Stored i18n XSS exposed by security patch for T402077

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...

Security update for chromium (moderate)

openSUSE security update: security update for chromium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20156-1 Rating: moderate References: bsc1257404 Cross-References: CVE-2026-1504 Affected Products: openSUSE Leap 16.0...

PT-2026-6296

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A stack-based buffer overflow exists in the icFixXml function when processing malformed ICC profiles. This...

PT-2026-6447

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

ROOT-OS-UBUNTU-2404-CVE-2026-24882 CVE-2026-24882 in rootio-gnupg2 - Patched by Root

Root has patched CVE-2026-24882 in the rootio-gnupg2 package for Root:Ubuntu:24.04. Multiple fixed versions available...

BIT-DISCOURSE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change

Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...

BIT-DISCOURSE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

Wear OS Security Bulletin—February 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...

dirmngr-2.5.17-1.1 on GA media (moderate)

dirmngr-2.5.17-1.1 on GA media Announcement ID: openSUSE-SU-2026:10112-1 Rating: moderate Cross-References: CVE-2026-24881 CVE-2026-24882 CVE-2026-24883 CVSS scores: CVE-2026-24881 SUSE : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-24881 SUSE : 8.7...