SUSE-SU-2026:2120-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

Vulnerabilities are handled in GitLab Community Edition and Enterprise Edition

GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition, specifically in versions 12.7 through 18.10.7, 18.11 through 18.11.4, and 19.0 through 19.0.1. These vulnerabilities relate to various aspects of authentication, authorization, and validation...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : GnuTLS vulnerabilities (USN-8284-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8284-1 advisory. Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remot...

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

Code-Projects Simple Chat System 注入漏洞

Code-Projects Simple Chat System is an easy-to-use chat system developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple Chat System has a SQL injection vulnerability, which arises from the validations of the parameters type/length/business in the sendMessage.php file,...

PT-2026-38182

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient data validation in DataTransfer allows a remote attacker who has compromised the renderer process to perform arbitrary read and write operations via a crafted HTML page...

Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3265 (ALAS-2026-3265)

The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3265 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

Palo Alto Networks Autonomous Digital Experience Manager 安全漏洞

Palo Alto Networks Autonomous Digital Experience Manager is an artificial intelligence-based platform for monitoring and analyzing terminal and network experiences developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Autonomous Digital Experience Manager, which...

CVE-2025-24819

CVE-2025-24819 : Nokia MantaRay NM’s Software Manager is vulnerable to a Relative Path Traversal due to improper validation of input on the file system. The connected sources corroborate this description; however, no product version, affected component details, exploit information, or remediation...

BMC FootPrints 代码问题漏洞

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the searchWeb API component, where blind server-side request...

IPFire 跨站脚本漏洞

IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of KEY1, IP, HOST, or DOM...

WeKan 安全漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the insufficient validation of the consistency and relevance of the provided identifiers by the attachment upload API, which cou...

OpenSSL security vulnerabilities

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

MiracleLinux 7 : rh-mariadb105-galera-26.4.11-1.el7, rh-mariadb105-mariadb-10.5.16-2.el7 (AXSA:2022-3624:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3624:01 advisory. mariadb: convertconsttoint use-after-free when the BIGINT data type is used CVE-2021-46669 mariadb: lack of proper validation of the length of...

CVE-2026-0403 Insufficient input validation in NETGEAR Orbi routers

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an improper input validation due to Apache Commons HttpClient

Summary Apache Commons HttpClient is used by IBM Operations Analytics - Log Analysis as part of the standards-based Java library for executing HTTP requests. CVE-2012-6153, CVE-2012-5783. Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: http/conn/ssl/AbstractVerifier.java in Apache Commons...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46757)

hwmon: nct6775-core underflows seen when writing limit attributes DIVROUNDCLOSEST after kstrtol results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Security update for bind

This update for bind fixes the following issues: CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator bsc1252380. Patch...

CVE-2025-41103 Multiple vulnerabilities in Fairsketch's RISE CRM Framework

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...