22070 matches found
PT-2026-52585
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A critical extension bypass exists in the ParseCRL Extensions function. The issue occurs when critical extensions in a Certificate Revocation List CRL—a list of...
PT-2026-52572
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an un-negotiated Raw Public Key RPK, as defined in RFC 7250, is accepted instead of an X.509 certificate, allowing the bypass of chain...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fixed an issue with the irq assumption regression. The code in bmc150-accel-core.c unconditionally calls bmc150accelsetinterrupt in the iiobuffersetupops. This occurs, for example, during the runtime PM resume...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: removed WARNONONCE when accessing the forward path array. Although unlikely, recent support for IPIP tunnels increases the chances of encountering this WARNONONCE if the user space manages to create a sufficiently long forwa...
Astra Linux – Vulnerability in Firefox and Thunderbird
A use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
CVE-2026-12242
The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 5.17.7 via the 'banner' attribute of the adrotate shortcode. This is due to insufficient input validation and sanitization of the banner shortcode attribute before...
CVE-2026-12242
CVE-2026-12242 affects the WordPress AdRotate Banner Manager plugin up to version 5.17.7. The vulnerability is PHP Code Injection via the banner attribute of the adrotate shortcode, caused by insufficient validation and sanitization before concatenation into a PHP code string wrapped in W3 Total ...
CVE-2026-52916
In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...
Oracle Linux 9 : cockpit (ELSA-2026-21468)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-21468 advisory. 356.2-1.0.1 - Apply the patch for duplicate reference Orabug: 39250109 - Storage: Enable btrfs support Orabug: 37464632 - Replaced upstream urls in documentati...
OPENSUSE-SU-2026:21155-1 Security update for hamlib
This update for hamlib fixes the following issues: Changes in hamlib: - Update to 4.7.2: Fix IC-7600/IC-7610 clock commands Icom: Add CWR to modes eligible for DSP filtering Kenwood: New model Hamgeek uSGX Various fixes for Skywatcher, DX-SR8, FT-710, FTX-1, IC-705, X6100 rigctld: Fix sendraw sta...
SUSE-SU-2026:2584-1 Security update for exiv2
This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...
OPENSUSE-SU-2026:21154-1 Security update for ofono
This update for ofono fixes the following issues: Changes in ofono: - Reference the tracking bugs for the SMS/STK/USSD decoder security fixes applied upstream across the 2.14-2.17 updates: SMS decoder stack buffer overflows: CVE-2023-2794 boo1218292, CVE-2023-4232 boo1218293, CVE-2023-4233...
OPENSUSE-SU-2026:21038-1 Security update for 7zip
This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...
CVE-2026-56315
CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...
OPENSUSE-SU-2026:21151-1 Security update for warewulf4
This update for warewulf4 fixes the following issues: Changes in warewulf4: - updated go-jose to fix CVE-2026-34986 bsc1262810 - chi is fixed in the upstream project - updating to v4.7.0 with following security fixes fixed CVE-2026-39821 bsc1266483 fixed CVE-2026-33814 bsc1265653 - v4.7.0 with...
CVE-2026-44170
A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the...
Security update for hamlib (important)
openSUSE Security Update: Security update for hamlib Announcement ID: openSUSE-SU-2026:0212-1 Rating: important References: 1268628 1268629 Cross-References: CVE-2026-54634 Affected Products: openSUSE Backports SLE-15-SP7 An update that solves one vulnerability and has one errata is now available...
Moderate: Red Hat Security Advisory: crun security update
An update for crun is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
CVE-2026-47210
A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This sandbox escape vulnerability allows an attacker to execute arbitrary code in the host process. This occurs when untrusted code is executed with asynchronous async support on runtimes that expose WebAssembly...
Important: Red Hat Security Advisory: postgresql16 security update
An update for postgresql16 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...