39 matches found
EUVD-2026-31987
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, which Django REST Framework interprets as successful authentication...
EUVD-2024-42170
Malicious code in bioql PyPI...
CVE-2025-59270
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.2...
DLA-4168-1 openafs - security update
Bulletin has no description...
CVE-2025-30373 Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP...
MGASA-2025-0118 Updated chromium-browser-stable packages fix security vulnerability
Use after free in Lens. CVE-2025-2476...
CVE-2025-24884 kube-audit-rest's example logging configuration could disclose secret values in the audit log
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16...
CVE-2024-57807 scsi: megaraid_sas: Fix for a potential deadlock
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock. This fixes a 'possible circular locking dependency detected' warning: CPU0 CPU1 ---- ---- lock(&instance->reset_mutex); lock(&shost->scan_mutex); lock(&instance->reset_mutex);...
DLA-3998-1 python-urllib3 - security update
Bulletin has no description...
OPENSUSE-SU-2024:13872-1 java-17-openjdk-17.0.11.0-1.1 on GA media
These are all security issues fixed in the java-17-openjdk-17.0.11.0-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE-SU-2024:1146-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time (bsc#1221677)...
SUSE-SU-2023:3094-1 Security update for python-requests
This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674)...
GSD-2023-1001850 ovl: Use "buf" flexible array for memcpy() destination
ovl: Use "buf" flexible array for memcpy() destination. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...
GSD-2022-1005491 drm/meson: Fix overflow implicit truncation warnings
drm/meson: Fix overflow implicit truncation warnings This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...
GSD-2022-1005457 venus: pm_helpers: Fix warning in OPP during probe
venus: pm_helpers: Fix warning in OPP during probe. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...
GSD-2022-1005453 netfilter: flowtable: fix stuck flows on cleanup due to pending work
netfilter: flowtable: fix stuck flows on cleanup due to pending work This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.64 by commit...
GSD-2022-1005050 netfilter: flowtable: fix stuck flows on cleanup due to pending work
netfilter: flowtable: fix stuck flows on cleanup due to pending work This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.6 by commit...
MGASA-2022-0327 Updated dpkg packages fix security vulnerability
A malicious source package could write files outside the unpack directory. CVE-2022-1664...
SUSE-SU-2022:3247-1 Security update for bluez
This update for bluez fixes the following issues: - CVE-2022-0204: Fixed check if the prepare writes would append more than the allowed maximum attribute length (bsc#1194704)...
GSD-2022-1004440 net: bonding: fix use-after-free after 802.3ad slave unbind
net: bonding: fix use-after-free after 802.3ad slave unbind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.53 by commit...