SUSE-SU-2026:2117-1 Security update for postgresql14

This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

SUSE-SU-2026:1999-1 Security update for postgresql15

This update for postgresql15 fixes the following issues Update to version 15.18. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

openSUSE 16 Security Update : openCryptoki (openSUSE-SU-2026:20699-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20699-1 advisory. This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects...

Security update for openCryptoki (moderate)

openSUSE security update: security update for opencryptoki ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20699-1 Rating: moderate References: bsc1262283 bsc1263819 Cross-References: CVE-2026-40253 Affected Products: openSUSE Leap 16.0...

OPENSUSE-SU-2026:20699-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1262283. Non security issue: - Refactored .spec file to fully support transactional and immutable operating systems jscPED-14609: Migrated user...

SUSE-SU-2026:21575-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1262283. Non security issue: - Refactored .spec file to fully support transactional and immutable operating systems jscPED-14609: Migrated user...

openSUSE 16 Security Update : clamav (openSUSE-SU-2026:20479-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20479-1 advisory. Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial...

OPENSUSE-SU-2026:20479-1 Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...

SUSE SLES12 Security Update : clamav (SUSE-SU-2026:1324-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1324-1 advisory. Update to clamav 1.5.2: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2026:1325-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1325-1 advisory. Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module...

Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support...

SUSE-SU-2026:1324-1 Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support transactional updates...

CVE-2026-35460 Papra has an HTML Injection in Transactional Emails via Unescaped User Display Name

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...

CVE-2026-35460

Papra (document management platform) is affected by an HTML injection in transactional emails prior to version 26.4.0, where user.display name is interpolated into email HTML without escaping. An attacker registering with a display name containing HTML could inject tags into verification and pass...

Papra 安全漏洞

Papra is an open-source document management and archiving platform developed by Papra itself. Versions of Papra prior to 26.4.0 contained security vulnerabilities. These vulnerabilities stemmed from transactional email templates that directly inserted user.name into HTML without escaping or...

CVE-2026-32602 Homarr has a Race Condition in Invite Token Registration (TOCTOU)

Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint /api/trpc/user.register is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three sequential database operation...

RUSTSEC-2026-0078 Symbol confusion after hasher panic in `intaglio` interners

Affected versions of this crate can leave all SymbolTable variants in an internally inconsistent state if a custom BuildHasher panics during HashMap::insert and the caller recovers with catchunwind. The intern implementations committed a vec.push... before the matching map.insert... completed. If...

Symbol confusion after hasher panic in `intaglio` interners

Affected versions of this crate can leave all SymbolTable variants in an internally inconsistent state if a custom BuildHasher panics during HashMap::insert and the caller recovers with catchunwind. The intern implementations committed a vec.push... before the matching map.insert... completed. If...

Security update for clamav

This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support...

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...