75 matches found

Tenable Nessus
added 5 days ago | 5 views

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20816-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20816-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key...

CVSS 7.5 | AI score 5.9 | EPSS 0.00073
Exploits: 0 | References: 6
OPENSUSE Linux
added 6 days ago | 5 views

Security update for alloy (important)

openSUSE security update: security update for alloy. Announcement ID: openSUSE-SU-2026:20816-1. Rating: important. References: bsc1262955 bsc1263530. Cross-References: CVE-2026-34986 CVE-2026-41602. CVSS scores: CVE-2026-34986 SUSE: 7.5...

CVSS 8.7 | AI score 6.8 | EPSS 0.00073
Exploits: 0 | References: 2
OSV
added 2026/05/27 9:8 a.m. | 5 views

OPENSUSE-SU-2026:20816-1 Security update for alloy

This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262955. - CVE-2026-41602: github.com/apache/thrift: TFramedTransport frame size headers can lead to a uint32 integer...

CVSS 7.5 | AI score 6.8 | EPSS 0.00073
Exploits: 0 | References: 4
OSV
added 2026/05/18 1:3 p.m. | 3 views

CLEANSTART-2026-DL78780 Security fixes for CVE-2026-6664, CVE-2026-6665, CVE-2026-6666, CVE-2026-6667 applied in versions: 1.16.1-r0, 1.25.1-r0

Multiple security vulnerabilities affect the pgbouncer package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.8 | AI score 5.8 | EPSS 0.00046
Exploits: 1 | References: 9
OSV
added 2026/05/11 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10744-1 alloy-1.16.1-1.1 on GA media

These are all security issues fixed in the alloy-1.16.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 6.4 | EPSS 0.00073
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in c-ares

Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c...

CVSS 5.9 | AI score 6 | EPSS 0.00115
Exploits: 1 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in pgbouncer

When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1...

CVSS 8.1 | AI score 7.4 | EPSS 0.00077
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/26 12:0 a.m. | 1 view

Slackware Linux 15.0 / current tigervnc Vulnerability (SSA:2026-084-02)

The version of tigervnc installed on the remote host is prior to 1.16.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-084-02 advisory. New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

AI score 5.9
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/24 12:0 a.m. | 1 view

PT-2026-27313

Name of the Vulnerable Software and Affected Versions chunjun versions prior to 1.16.1 Description An unreliable data deserialization issue exists in DTStack chunjun, specifically within the chunjun-core/src/main/java/com/dtstack/chunjun/util modules. The problem is linked to the GsonUtil.Java...

CVSS 9.2 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/20 8:22 p.m. | 3 views

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

CVSS 9.1 | AI score 5.5 | EPSS 0.0014
Exploits: 1 | References: 1
NVD
added 2026/01/19 8:15 p.m. | 1 view

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

CVSS 9.1 | EPSS 0.0014
Exploits: 1 | References: 2
CVE
added 2026/01/19 7:42 p.m. | 5 views

CVE-2026-23846

CVE-2026-23846, Tugtainer password exposure: Tugtainer (self-hosted Docker updater) before version 1.16.1 transmits passwords via URL query parameters instead of the HTTP request body. This enables passwords to be logged in server access logs and potentially exposed through browser history, Ref...

CVSS 9.1 | AI score 5.5 | EPSS 0.0014
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/01/19 7:42 p.m. | 4 views

EUVD-2026-3294

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

CVSS 8.1 | AI score 5.5 | EPSS 0.0014
Exploits: 1 | References: 2
Cvelist
added 2026/01/19 7:42 p.m. | 14 views

CVE-2026-23846 Tugtainer vulnerable to Password Exposure via URL Query Parameter

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

CVSS 8.1 | EPSS 0.0014
Exploits: 1 | References: 2
ATTACKERKB
added 2026/01/19 7:42 p.m. | 2 views

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

CVSS 9.1 | AI score 5.4 | EPSS 0.0014
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/01/19 12:0 a.m. | 1 view

PT-2026-3491

Name of the Vulnerable Software and Affected Versions Tugtainer versions prior to 1.16.1 Description Tugtainer is a self-hosted application designed for automating updates of Docker containers. Prior to version 1.16.1, the password authentication process transmits passwords through URL query...

CVSS 8.1 | AI score 5.3 | EPSS 0.0014
Exploits: 1 | References: 8
Grafana
added 2026/01/02 12:0 a.m. | 5 views

Exposure of Storage Secret in Pyroscope

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

CVSS 9.1 | AI score 5.8 | EPSS 0.00016
Exploits: 0
Cvelist
added 2025/12/24 12:31 p.m. | 24 views

CVE-2025-68505 WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects H5P: from n/a through <= 1.16.1...

CVSS 5.3 | EPSS 0.0001
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/24 12:31 p.m. | 2 views

CVE-2025-68505 WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects H5P: from n/a through <= 1.16.1...

CVSS 5.3 | AI score 6.6 | EPSS 0.0001
Exploits: 0 | References: 1
CNNVD
added 2025/12/24 12:0 a.m. | 2 views

WordPress plugin H5P security vulnerability

WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...

CVSS 5.3 | AI score 6.4 | EPSS 0.0001
Exploits: 0 | References: 1