329 matches found
CakePHP 5.3.7 Released
CakePHP 5.3.7 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.5. This is a maintenance release for the 5.3 branch that fixes community reported issues and three security issues. Advisories will be published for the issues over the next week as...
PT-2026-57370
Name of the Vulnerable Software and Affected Versions Excon versions prior to 1.5.0 Description The RedirectFollower middleware fails to strip sensitive headers when following redirects and lacks a mechanism to define a custom list of headers to be removed. This behavior can lead to the inadverte...
CVE-2026-46726
A flaw was found in the Apache Camel Vertx Websocket component. This vulnerability allows an unauthenticated remote attacker to inject malicious query parameters into a WebSocket connection. This can lead to Server-Side Request Forgery SSRF, where the server is coerced into making requests to...
SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2665-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2665-1 advisory. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header...
Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. CVE-2026-39827: Update...
SUSE-SU-2026:2665-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update...
SUSE SLES15 Security Update : google-osconfig-agent (SUSE-SU-2026:2611-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2611-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: Update google.golang.org/grpc dependency...
SUSE-SU-2026:2611-1 Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: Update google.golang.org/grpc dependency bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. - CVE-2026-39828: Update...
Linux Distros Unpatched Vulnerability : CVE-2026-52846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy's stripHTML template function cannot reliably remove all HTML tags from...
CVE-2026-52846
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...
CVE-2026-52846
Summary: CVE-2026-52846 affects Caddy's stripHTML template function, which cannot reliably strip certain malformed HTML (e.g., <img src=x onerror=alert()>). This can bypass tag-stripping and may enable client-side XSS when untrusted strings are rendered as HTML. The issue originates in func...
SUSE-SU-2026:2584-1 Security update for exiv2
This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...
Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: CVE-2026-39827: Update golang.org/x/crypto dependency bsc1266171. CVE-2026-39828: Update golang.org/x/crypto dependency bsc1266171. CVE-2026-39829: Update golang.org/x/crypto dependency bsc1266171. CVE-2026-39830: Update...
CVE-2026-50184 Angular: Request Credential & Cache Policy Stripping in Angular Service Worker
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...
SUSE-SU-2026:2487-1 Security update for rmt-server
This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...
CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...
CVE-2026-56422
CVE-2026-56422 affects MISP core controllers and models where client-controlled fields (ids and ownership/scope keys such as event_id, org_id, user_id, sharing_group_id, galaxy_cluster_uuid, organisation_uuid, etc.) were not consistently stripped or revalidated, enabling an authenticated user to ...
CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...
Caddy: stripHTML template function bypass
Summary Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later rendered as HTML. This may allow...
FreeBSD : caddy -- multiple vulnerabilities (94f93681-6775-11f1-8044-002590af0794)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 94f93681-6775-11f1-8044-002590af0794 advisory. Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory...