18 matches found
CLSA-2026-1778489316 java-1.8.0-openjdk: Fix of 8 CVEs
Update to shenandoah-jdk8u492-b09
- Security fixes from OpenJDK 8u492-b09:
  - CVE-2026-22003: enhance behavior of some intrinsics
  - CVE-2026-22007: enhance crypto algorithm support
  - CVE-2026-22013: improve Kerberos credentialing
  - CVE-2026-22018: enhance Zip file reading
  - CVE-2026-22021: enhance...
CVE-2025-43534
The CVE-2025-43534 issue is a path-handling flaw in iOS/iPadOS that was addressed by validation improvements. It affects iOS 18.7.7 and iPadOS 18.7.7, as well as iOS 26.2 and iPadOS 26.2, where a user with physical access could potentially bypass Activation Lock. The available connected sources c...
EUVD-2025-208977
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock...
CVE-2025-43537
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files...
EUVD-2025-206272
A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment...
PT-2025-28016 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions:
Mediawiki - SecurePoll extension versions 1.39.X through 1.39.12
Mediawiki - SecurePoll extension versions 1.42.X through 1.42.6
Mediawiki - SecurePoll extension versions 1.43.X through 1.43.1
Description: The issue affects the Mediawiki -...
PT-2025-16141 · Mediawiki · Mediawiki +1
Name of the Vulnerable Software and Affected Versions:
Mediawiki - Extension:SimpleCalendar versions 1.39 through 1.43
Description: The issue is related to an Improper Input Validation vulnerability that allows Cross-Site Scripting (XSS) in the Mediawiki - Extension:SimpleCalendar.
Recommendations:...
PT-2025-16143 · Unknown +1 · Growthexperiments +1
Name of the Vulnerable Software and Affected Versions:
Mediawiki - GrowthExperiments versions 1.39 through 1.43
Description: The issue is related to an Improper Input Validation vulnerability, which allows for HTTP Denial of Service (DoS). This vulnerability affects the Mediawiki - GrowthExperiment...
PT-2025-16139 · Mediawiki · Mediawiki - Tabs Extension
Name of the Vulnerable Software and Affected Versions:
Mediawiki - Tabs Extension versions 1.39 through 1.43
Description: The issue is related to an Improper Input Validation vulnerability that allows Code Injection in the Mediawiki - Tabs Extension.
Recommendations: For versions 1.39 through 1.4...
CVE-2025-32380 Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively...
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Impact: In a Kubernetes environment, Ratify can be configured to authenticate to a private Azure Container Registry (ACR). The Azure workload identity and Azure managed identity authentication providers are configured in this setup. Users that configure a private ACR to be used with the Azure...
PT-2025-7047
Name of the Vulnerable Software and Affected Versions:
libxml2 versions 2.12.10 and earlier, 2.13.x versions prior to 2.13.6
Description: The issue is a stack-based buffer overflow in the xmlSnprintfElements function in valid.c. To exploit this, DTD validation must occur for an untrusted document o...
DEBIAN-CVE-2024-47764
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
PT-2024-2756 · Mysql2 · Mysql2
Name of the Vulnerable Software and Affected Versions:
mysql2 versions prior to 3.9.4
Description: The issue is related to the readCodeFor function in the mysql2 package, which is vulnerable to Remote Code Execution (RCE) due to improper validation of the supportBigNumbers and bigNumberStrings...
PT-2023-27786 · Hcaptcha +1 · Hcaptcha +1
Name of the Vulnerable Software and Affected Versions:
hCaptcha for EXT:form extension versions prior to 2.1.2 for TYPO3
Description: An issue was discovered in the hcaptcha extension, where it fails to check that the required captcha field is submitted in the form data, allowing a remote user to...
PT-2023-22854 · Smr · Smr
Name of the Vulnerable Software and Affected Versions:
Transaction versions prior to SMR Jul-2023 Release 1
Description: The issue is related to improper input validation, allowing local attackers to launch privileged activities.
Recommendations: For versions prior to SMR Jul-2023 Release 1, upda...
PT-2022-7005
Name of the Vulnerable Software and Affected Versions:
Apple tvOS versions prior to 15.5
Apple iOS versions prior to 15.5
Apple iPadOS versions prior to 15.5
Apple watchOS versions prior to 8.6
Apple macOS Big Sur versions prior to 11.6.6
Apple macOS Monterey versions prior to 12.4
Apple macOS...
CVE-2021-30990
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks...