104 matches found
CVE-2026-49866
CVE-2026-49866 affects the JavaScript libp2p implementation, specifically the @libp2p/gossipsub component. The root cause is defaultDecodeRpcLimits allowing maxIhaveMessageIDs and maxIwantMessageIDs to be Infinity prior to v16.0.0, enabling oversized IHAVE/IWANT control message arrays in message/...
EUVD-2026-40888
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blockid' and other shortcode attributes of the 'givewpcampaigncomments' shortcode in versions up to, and including, 4.16.0. This is due to insufficient input sanitizati...
CVE-2026-54414
FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...
EUVD-2026-34008
wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receiv...
PT-2026-45830
wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receiv...
Security update for openjpeg2 (important)
openSUSE security update: security update for openjpeg2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20842-1 Rating: important References: bsc1247650 Cross-References: CVE-2025-54874 CVSS scores: CVE-2025-54874 SUSE : 7...
CVE-2026-42333
CVE-2026-42333 affects Quarkus OpenAPI Generator. The issue: the generated authentication filter can match OpenAPI path templates too broadly, causing a security scheme for one operation to be applied to a different, similarly-named operation. This can cause bearer tokens, API keys, or basic cred...
Security update for libsodium (moderate)
openSUSE security update: security update for libsodium ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20642-1 Rating: moderate References: bsc1255764 bsc1256070 Cross-References: CVE-2025-15444 CVE-2025-69277 CVSS scores: CVE-2025-15444 SUSE : 6.8...
Security update for openexr (important)
openSUSE security update: security update for openexr ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20652-1 Rating: important References: bsc1262425 bsc1262426 Cross-References: CVE-2026-40244 CVE-2026-40250 CVSS scores: CVE-2026-40244 SUSE : 7.8...
Security update for xwayland (important)
openSUSE security update: security update for xwayland ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20560-1 Rating: important References: bsc1260922 bsc1260923 bsc1260924 bsc1260925 bsc1260926 Cross-References: CVE-2026-33999 CVE-2026-34000...
Security update for glibc (important)
openSUSE security update: security update for glibc ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20501-1 Rating: important References: bsc1258319 bsc1260078 bsc1260082 Cross-References: CVE-2026-4437 CVE-2026-4438 CVSS scores: CVE-2026-4437 SUSE ...
PT-2026-32601
Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...
Security update for cockpit-repos (important)
openSUSE security update: security update for cockpit-repos ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20464-1 Rating: important References: bsc1258637 Cross-References: CVE-2026-26996 CVSS scores: CVE-2026-26996 SUSE : 7.5...
Security update for expat (important)
openSUSE security update: security update for expat ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20448-1 Rating: important References: bsc1259711 bsc1259726 bsc1259729 Cross-References: CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVSS scores:...
CLEANSTART-2026-VX40916 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 0.16.0-r0
Multiple security vulnerabilities affect the kserve package. These issues are resolved in later releases. See references for individual vulnerability details...
Security update for tomcat11 (important)
openSUSE security update: security update for tomcat11 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20414-1 Rating: important References: bsc1253460 bsc1258371 bsc1258385 bsc1258387 Cross-References: CVE-2025-66614 CVE-2026-24733 CVE-2026-24734...
Security update for vim (important)
openSUSE security update: security update for vim ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20403-1 Rating: important References: bsc1246602 bsc1258229 bsc1259051 Cross-References: CVE-2025-53906 CVE-2026-26269 CVE-2026-28417 CVSS scores:...
CVE-2026-33875
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33874
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
Security update for protobuf (moderate)
openSUSE security update: security update for protobuf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20390-1 Rating: moderate References: bsc1244663 bsc1244918 bsc1257173 Cross-References: CVE-2025-4565 CVE-2026-0994 CVSS scores: CVE-2025-4565 SUS...