PT-2026-6296
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools for interacting with ICC color management profiles. A stack-based buffer overflow exists in the icFixXml function when processing malformed ICC profiles. This...
PT-2026-6447
Summary. Description: A Cross-site Scripting (CWE-79) vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...
ROOT-OS-UBUNTU-2404-CVE-2026-24882 CVE-2026-24882 in rootio-gnupg2 - Patched by Root
Root has patched CVE-2026-24882 in the rootio-gnupg2 package for Root:Ubuntu:24.04. Multiple fixed versions available...
BIT-DISCOURSE-2025-69289 Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change
Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change restrictions, allowing a takeover of non-staff accounts. This issue is patched in versions 3.5.4...
BIT-DISCOURSE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderators_change_post_ownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...
Wear OS Security Bulletin—February 2026
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage al...
dirmngr-2.5.17-1.1 on GA media (moderate)
dirmngr-2.5.17-1.1 on GA media Announcement ID: openSUSE-SU-2026:10112-1 Rating: moderate Cross-References: CVE-2026-24881 CVE-2026-24882 CVE-2026-24883 CVSS scores: CVE-2026-24881 SUSE : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-24881 SUSE : 8.7...
CVE-2026-1684
A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcpreports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to...
EUVD-2026-4966
Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...
CVE-2026-1682
A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The...
ROOT-OS-DEBIAN-12-CVE-2025-68276 CVE-2025-68276 in rootio-avahi - Patched by Root
Root has patched CVE-2025-68276 in the rootio-avahi package for Root:Debian:12. Multiple fixed versions available...
Photon OS 5.0: Grub2 PHSA-2026-5.0-0742
An update of the grub2 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0742. The text itself is copyright (C) VMware, Inc. ...
Photon OS 4.0: Net PHSA-2026-4.0-0946
An update of the net package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0946. The text itself is copyright (C) VMware, Inc. ...
Photon OS 5.0: Linux PHSA-2026-5.0-0745
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0745. The text itself is copyright (C) VMware, Inc. ...
CVE-2026-25117
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary JavaScript which runs on the same origin as http://dojo.website. This is a sandbox...
ROOT-OS-DEBIAN-12-CVE-2026-22693 CVE-2026-22693 in rootio-harfbuzz - Patched by Root
Root has patched CVE-2026-22693 in the rootio-harfbuzz package for Root:Debian:12. Multiple fixed versions available...
Security update for python
This update for python fixes the following issues: Modified CVE-2025-6075 fix to not use re.ASCII flag not available in Python 2.7 (bsc#1257064). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you...
CVE-2026-24888
Maker.js (makerjs.extendObject) is vulnerable to unsafe property copying. The function iterates with for...in without hasOwnProperty() checks and fails to filter dangerous keys, enabling inherited or crafted properties (e.g., __proto__) to be copied to targets. This prototype-pollution risk is docum...
CVE-2026-23743
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user...
CVE-2026-24742
Discourse (open‑source discussion platform) is affected in CVE-2026-24742 for versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The issue allows non‑admin moderators to view sensitive data in staff action logs that should be restricted to administrators, exposing webhook URLs and secre...