SUSE CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005443)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005443 advisory. In the Linux kernel, the following vulnerability has been resolved: lwt: Fix return values of BPF xmit ops BPF encap ops can return different types of positive value...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python311 (SUSE-SU-2026:0767-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0767-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005713)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005713 advisory. In the Linux kernel, the following vulnerability has been resolved: lwt: Fix return values of BPF xmit ops BPF encap ops can return different types of positive value...

UBUNTU-CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

CVE-2026-1674

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2025-50186

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVE-2025-52468

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...

PT-2026-22921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...

SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2026:0642-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0642-1 advisory. Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and...

SUSE SLES12 Security Update : python3 (SUSE-SU-2026:0645-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0645-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. -...

SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:0644-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0644-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable...

GHSA-62F6-MRCJ-V8H5 OpenClaw's runtime /debug override path accepted prototype-reserved keys

Summary OpenClaw accepted prototype-reserved keys in runtime /debug set override object values proto, constructor, prototype. Impact /debug is disabled by default, and exploitation requires an already authorized /debug set caller. No unauthenticated vector was identified. This issue affects runti...

OpenClaw Improperly Neutralizes Line Breaks in systemd Unit Generation Enables Local Command Execution (Linux)

Summary A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

GHSA-5H2C-8V84-QPVR OpenClaw shell-env fallback trusted startup env and could execute attacker-influenced login-shell paths

Summary OpenClaw shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before loading env keys. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.1.5 and = 2026.2.21-2 - Fixed on main:...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

Security update for python311

This update for python311 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. CVE-2025-15282:...

SUSE-SU-2026:0767-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. - CVE-2025-1528...