SUSE-SU-2026:1940-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

SUSE CVE-2026-24677

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecamencodercompressh264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in swsscale. This vulnerability is fixed in 3.22.0...

CVE-2026-24677 FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecamencodercompressh264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in swsscale. This vulnerability is fixed in 3.22.0...

CVE-2026-24677

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecamencodercompressh264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in swsscale. This vulnerability is fixed in 3.22.0...

PT-2026-7036

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.22.0 Description FreeRDP, a Remote Desktop Protocol implementation, contains a flaw in the ecam encoder compress h264 component. The component does not properly validate the source buffer size and relies on dimensio...

EUVD-2006-2115

Malware in sbrugna...

EUVD-2002-2348

Malware in sbrugna...

EUVD-2006-2116

Malware in sbrugna...

EUVD-2025-26409

Malicious code in bioql PyPI...

Malicious code in @zalastax/nolb-_sws (npm)

The package @zalastax/nolb-sws was found to contain malicious code...

MAL-2025-43076 Malicious code in @zalastax/nolb-_sws (npm)

The package @zalastax/nolb-sws was found to contain malicious code...

CVE-2025-57615

An issue was discovered in rust-ffmpeg 0.3.0 after comit 5ac0527 An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to cint,...

CVE-2025-57615

An issue was discovered in rust-ffmpeg 0.3.0 after comit 5ac0527 An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to cint,...

CVE-2025-57615

An issue was discovered in rust-ffmpeg 0.3.0 after comit 5ac0527 An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to cint,...

CVE-2025-57615

The CVE-2025-57615 entry concerns rust-ffmpeg 0.3.0 (post-commit 5ac0527). The issue is an integer overflow in Vector::new caused by unchecked casting of a usize to c_int, which can pass a negative value to sws_allocVec(), potentially enabling a denial of service via a null pointer dereference. R...

CVE-2002-2370

SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service crash via a URL request that does not end with a newline...

Simple Web Server 2.3-RC1 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Simple Web Server 2.3-RC1 Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Simple Web...

CVE-2024-32966

Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...

sws-georgenthal.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1145282 Security Researcher Hchabik Helped patch 2424 vulnerabilities Received 5 Coordinated Disclosure badges Received 2 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting sws-georgenthal.de website...

sws-plastics.ch XSS vulnerability

Open Bug Bounty ID: OBB-441928 Description| Value ---|--- Affected Website:| sws-plastics.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...