SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1195-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1195-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186:...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006664)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006664 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via nodeonlineNUMANONODE KASAN reports: 4.668325 T0 BUG:...

CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-32588 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-15954234...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.4), com.instaclustr:ic-sstable-tools-5.0.6 (=1.0.0) +3 more potentially affected by CVE-2026-27314 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.6)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =5.0.4.0, =5.0.4.0, =3.0.2, =3.0.4 Source cves: CVE-2026-27314 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-15954242...

CVE-2026-35489

Tandoor Recipes CVE-2026-35489 affects the POST /api/food/{id}/shopping/ endpoint. Before version 2.6.4, the handler reads amount and unit directly from request.data and passes them to ShoppingListEntry.objects.create() without validation, which can cause an unhandled exception (HTTP 500) for non...

CVE-2026-35489 Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/`

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

EUVD-2026-19674

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

CVE-2026-35489 Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/`

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

Year in Review: Vulnerabilities old and new and something React2

Speed and age shouldn't be allowed to pair up, but that is the theme of the Talos 2025 Year in Review vulnerability findings. Figure 1. React/React2Shell 2025 at the top, with PHPUnit 2017 and Log4j 2021 following up. The year was characterized by an unending beat-down on infrastructure that reli...

org.apache.activemq:activemq-http (>=6.0.0 <=6.2.1), org.apache.activemq:activemq-karaf (>=6.0.0 <=6.2.1) +4 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-mqtt (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-mqtt MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930952...

Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changelog: Collect WLM metric...

Linux Distros Unpatched Vulnerability : CVE-2026-23435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/x86: Move event pointer setup earlier in x86pmuenable A production AMD EPYC system crashed with a NULL pointer dereference in the PMU NMI handler: BUG:...

PT-2026-30862

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/id/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create. Invalid amount...

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/food/id/shopping/ endpoint directly readi...

CVE-2026-21372 Heap-Based Buffer Overflow in Power Management IC

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations...

CVE-2026-30078

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent with successfulOutcome...

EUVD-2026-19199

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...

CVE-2026-31405

CVE-2026-31405 : Linux kernel media/dvb-net vulnerability — OOB read in ULE extension header tables due to 255-element lookup arrays; bounds check added for htype to ensure out-of-range SNDU is discarded. This resolves a kernel-wide issue and is reflected in OSV advisories (e.g., Root: Debian 11/...

CVE-2026-31405

In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ulemandatoryexthandlers and uleoptionalexthandlers tables in handleoneuleextension are declared with 255 elements valid indices 0-254, but the index htype is deriv...