
30240 matches found

Positive Technologies
added 2026/01/25 12:0 a.m., 4 views

PT-2026-4706

Look at the security patch preview section of https://t.co/ySklSke3uy. These are from the upcoming patch levels: Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044 High: CVE-2025-22424, CVE-2025-22426, CVE-2025-32348, CVE-2025-48561, CVE-2025-48615,...

CVSS 7.8, AI score 6.1, EPSS 0.00118
Exploits 0, References 1
Positive Technologies
added 2026/01/25 12:0 a.m., 7 views

PT-2026-4692

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.2, EPSS 0.00004
Exploits 0, References 3
Positive Technologies
added 2026/01/25 12:0 a.m., 1 views

PT-2026-4696

In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 6.2, EPSS 0.00002
Exploits 0, References 3
OSV
added 2026/01/24 2:15 a.m., 5 views

AZL-75207 CVE-2026-24401 affecting package avahi for versions less than 0.8-7

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

CVSS 6.5, AI score 5.8, EPSS 0.00061
Exploits 0, References 1
OSV
added 2026/01/24 1:0 a.m., 2 views

OPENSUSE-SU-2026:20103-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 144.0.7559.96 boo1257011 CVE-2026-1220: Race in V8 - update INSTALL.sh to handle the added tags in the desktop file boo1256938...

AI score 6
Exploits 0, References 3
ATTACKERKB
added 2026/01/23 11:50 p.m., 4 views

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

CVSS 5.3, AI score 5.8, EPSS 0.00026
Exploits 0, References 3
OSV
added 2026/01/23 11:50 p.m., 3 views

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

CVSS 5.3, AI score 5.5, EPSS 0.00026
Exploits 0, References 4
Vulnrichment
added 2026/01/23 11:18 p.m., 4 views

CVE-2026-24128 XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0 contain a reflected Cross-site Scripting XSS vulnerability, which allows an attacker to...

CVSS 6.5, AI score 6, EPSS 0.00073
Exploits 0, References 6
CVE
added 2026/01/23 11:18 p.m., 15 views

CVE-2026-24128

CVE-2026-24128 affects XWiki Platform and related distributions. Concrete details across sources: vulnerable versions of XWiki Platform (7.0-milestone-2 up to 16.10.11; 17.0.0-rc-1 up to 17.4.4; 17.5.0-rc-1 up to 17.7.0) are susceptible to a reflected XSS via crafted URLs, enabling actions with t...

CVSS 6.5, AI score 5.9, EPSS 0.00073
Exploits 0, References 6, Affected Software 2
OSV
added 2026/01/23 12:23 p.m., 4 views

OESA-2026-1227 net-snmp security update

Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes: Security Fixes: net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd...

CVSS 9.8, AI score 5.8, EPSS 0.00594
Exploits 2, References 2
OSV
added 2026/01/23 12:23 p.m., 3 views

OESA-2026-1213 opencc security update

OpenCC is a library for conversion between Traditional Chinese and Simplified Chinese characters and phrases. Security Fixes: A vulnerability was found in BYVoid OpenCC up to 1.1.9 and classified as critical. Using CWE to declare the problem leads to CWE-122. A heap overflow condition is a buffer...

CVSS 5.5, AI score 5.8, EPSS 0.00016
Exploits 1, References 2
SUSE Linux
added 2026/01/22 3:22 p.m., 7 views

Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. CVE-2025-40204: sctp: Fix MAC comparison to be constant-time...

CVSS 8.7, AI score 5.8, EPSS 0.00058
Exploits 0, References 8
SUSE Linux
added 2026/01/22 12:26 p.m., 3 views

Security update for dpdk

This update for dpdk fixes the following issues: Update to version 24.11.4: CVE-2025-23259: Fixed an attacker on a VM in the system can cause information disclosure and denial of service bsc1254161. Changelog: https://doc.dpdk.org/guides-24.11/relnotes/release2411.htmlid10...

CVSS 7, AI score 5.6, EPSS 0.00055
Exploits 0, References 4
SUSE Linux
added 2026/01/22 12:24 p.m., 5 views

Security update for python-virtualenv

This update for python-virtualenv fixes the following issues: CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition bsc1256458. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 4.5, AI score 5.5, EPSS 0.00016
Exploits 0, References 4
Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-23145)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23145 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in...

CVSS 5.5, AI score 6.1, EPSS 0.00066
Exploits 0, References 2
Tenable Nessus
added 2026/01/22 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: xz (CVE-2025-31115)

The version of xz installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-31115 advisory. - XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to...

CVSS 8.7, AI score 5.5, EPSS 0.00041
Exploits 0, References 2
OPENSUSE Linux
added 2026/01/22 12:0 a.m., 6 views

corepack22-22.22.0-1.1 on GA media (moderate)

corepack22-22.22.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10074-1 Rating: moderate Cross-References: CVE-2025-55130 CVE-2025-55131 CVE-2025-55132 CVE-2025-59465 CVE-2025-59466 CVE-2026-21637 CVE-2026-22036 CVSS scores: CVE-2025-55130 SUSE : 8.1...

CVSS 9.2, AI score 5.5, EPSS 0.00109
Exploits 2
Tenable Nessus
added 2026/01/22 12:0 a.m., 3 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-42245)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42245 advisory. - In the Linux kernel, the following vulnerability has been resolved: Revert sched/fair: Make sure to try to...

CVSS 5.5, AI score 6.3, EPSS 0.00026
Exploits 0, References 2
Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-37994)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37994 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL...

CVSS 5.5, AI score 6.8, EPSS 0.00119
Exploits 0, References 2
OSV
added 2026/01/21 11:2 p.m., 3 views

GHSA-PCHF-49FH-W34R Soft Serve Affected by an Authentication Bypass

Impact What kind of vulnerability is it? Who is impacted? This issue impacts every Soft Serve instance. A critical authentication bypass allows an attacker to impersonate any user including Admin by "offering" the victim's public key during the SSH handshake before authenticating with their own...

CVSS 9.3, AI score 5.6, EPSS 0.00053
Exploits 0, References 5