Important: Red Hat Security Advisory: Red Hat Quay 3.17.2

Red Hat Quay 3.17.2 is now available with bug fixes. Quay 3.17.2...

CVE-2026-4420

Summary: CVE-2026-4420 affects Bludit with a Stored XSS in the “page creating” flow. An authenticated user with page-creation privileges (Author/Editor/Admin) can insert a malicious script into the tags field when creating an article. The payload executes when a victim visits the uploaded resourc...

EUVD-2026-16581

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

CVE-2026-25101

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

CVE-2026-25101

Bludit exposes a session fixation vulnerability: an attacker can set a user’s session ID before authentication, and the ID persists after login, enabling session hijacking. The issue affects Bludit and is fixed in version 3.17.2. Metrics indicate a high-impact CVSS base score (C/H I/H A/H) with n...

CVE-2026-25101 Session Fixation in Bludit

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

CVE-2026-25101 Session Fixation in Bludit

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

CVE-2026-25101

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...

PT-2026-28341

Name of the Vulnerable Software and Affected Versions Bludit versions prior to 3.17.2 Description Bludit allows a user's session identifier to be set before authentication. The session ID remains consistent even after authentication, potentially allowing an attacker to fixate a session ID for a...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002444)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002444 advisory. The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial...

EUVD-2014-3633

Malware in sbrugna...

CVE-2025-6600

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...

Security update for helm

This update for helm fixes the following issues: Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: check...

WordPress Content Aware Sidebars plugin <= 3.17.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Content Aware Sidebars plugin versions = 3.17.1. Solution Update the WordPress Content Aware Sidebars plugin to the latest available version at least 3.17.2...

PT-2014-5417 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.17.2 Description: The WRMSR processing functionality in the KVM subsystem does not properly handle the writing of a non-canonical address to a model-specific register. This allows guest OS users to cause a deni...