CLEANSTART-2026-QR52625 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-mh2q-q3fh-2475 applied in versions: 1.17.15-r0, 1.18.5-r0

Multiple security vulnerabilities affect the cilium package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-41682

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi cast in parseuri. This issue has been patched in version 1.18.5...

CVE-2026-41682

CVE-2026-41682 affects pupnp (UPnP SDK); prior to 1.18.5 it is vulnerable to SRRF/port-confusion from port truncation caused by atoi() in parse_uri(). Patch available in pupnp 1.18.5. CVSS 4.0 base score 6.9 (MEDIUM).

CVE-2026-41682 pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi cast in parseuri. This issue has been patched in version 1.18.5...

CVE-2026-41682

pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi cast in parseuri. This issue has been patched in version 1.18.5...

libixml11-1.18.5-1.1 on GA media (moderate)

libixml11-1.18.5-1.1 on GA media Announcement ID: openSUSE-SU-2026:10641-1 Rating: moderate Cross-References: CVE-2026-41682 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

OPENSUSE-SU-2026:10641-1 libixml11-1.18.5-1.1 on GA media

These are all security issues fixed in the libixml11-1.18.5-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-35887

Name of the Vulnerable Software and Affected Versions libixml11 versions prior to 1.18.5-1.1 Description Security issues were identified in the libixml11 library. Recommendations Update to version 1.18.5-1.1...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.5 security update

Important: Red Hat OpenShift GitOps v1.18.5 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-9158 OpenShift Gitops Operator v1.19.2 has hardcoded pod-security labels which conflict OCP = 4.16 GITOPS-9587 multiple CVEs in ose-kube-rbac-pro...

SUSE CVE-2026-25518

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

BIT-CILIUM-OPERATOR-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...

EUVD-2021-2354

Malware in sbrugna...

EUVD-2023-32125

Malicious code in bioql PyPI...

EUVD-2025-26562

Malicious code in bioql PyPI...

CVE-2025-58604

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through = 1.18.5...

CVE-2025-58604

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through = 1.18.5...

CVE-2025-58604 WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through = 1.18.5...

CVE-2025-58604 WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through = 1.18.5...

CVE-2025-58604

CVE-2025-58604 WordPress Mail Mint Plugin

CVE-2025-54423

copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...