CVE-2026-45688 Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...

Important: Red Hat Security Advisory: RHOAI 2.25.8 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.25.8 provides these changes:...

Moderate: Red Hat Security Advisory: OpenShift Virtualization v4.20 Images

Red Hat OpenShift Virtualization release v4.20 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

Important: Red Hat Security Advisory: OpenShift Virtualization v4.22 Images

Red Hat OpenShift Virtualization release v4.22 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

Moderate: Red Hat Security Advisory: OpenShift Virtualization v4.19 Images

Red Hat OpenShift Virtualization release v4.19 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fixed a potential out-of-bounds error in ucsiccgupdatesetnewcamcmd The "cmd" variable can be controlled by the user via debugfs. This means that "newcam" can be as high as 255, while the size of the uc-updated array i...

Important: Red Hat Security Advisory: RHOAI 3.5-ea.1 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 3.5-ea.1 provides these changes:...

Important: Red Hat Security Advisory: RHACS 4.10.4 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

Important: Red Hat Security Advisory: RHACS 4.9.8 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

PT-2026-50130

Name of the Vulnerable Software and Affected Versions Remark42 versions 1.6.0 through 1.15.0 Description Remark42 contains a Cross-Site Scripting XSS issue exploitable through content-type spoofing via the image proxy. The proxy fetches a remote URL and re-serves the response from its own origin....

EUVD-2026-36498

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...

CVE-2026-3433

Mattermost is affected in versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x

CVE-2026-3433 Mattermost fails to scope role_updated websocket events to authorized team and channel members

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to restrict roleupdated websocket event broadcasts to members of the affected team or channel which allows an authenticated attacker with guest-level access to observe permission scheme change...

Updated gnupg2 packages fix security vulnerabilities

CVE-2025-68973, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. CVE-2026-24882, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC key...

Important: Red Hat Security Advisory: RHOAI 2.25.7 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.25.7 provides these changes:...

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.3 security update

The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21 CNF IBU extras update

An update for ibu components is available for Red Hat OpenShift Container Platform 4.21. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra ibu container...

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

CVE-2026-35401

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can include many GraphQL mutations or queries in a single API call using aliases or chaining multiple mutations, resulting in resource exhaustion. This vulnerability is fixed in...