
33 matches found

EUVD
added 2026/04/02 2:21 p.m., 1 view

EUVD-2026-18243

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in MIME-encoded messages over SMTP, leading to a performance impact. This issue has been patched in version 8.0.4...

7.5 CVSS, 5.7 AI score, 0.00056 EPSS
Exploits 0, References 2
Cvelist
added 2026/04/02 2:1 p.m., 14 views

CVE-2026-31931 Suricata tls: null dereference in tls.alpn rule keyword

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5 CVSS, 0.00021 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/04/02 2:1 p.m., 3 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 3, Affected Software 1
EUVD
added 2026/03/25 11:35 p.m., 0 views

EUVD-2026-16034

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/getclaimfile.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...

7.6 CVSS, 5.8 AI score, 0.00048 EPSS
Exploits 0, References 3
SUSE CVE
added 2026/01/30 12:25 a.m., 1 view

SUSE CVE-2026-22262

Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not us...

9.8 CVSS, 6.1 AI score, 0.00119 EPSS
Exploits 0, References 3
OSV
added 2026/01/27 7:16 p.m., 2 views

UBUNTU-CVE-2026-22263

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3 CVSS, 5.8 AI score, 0.00025 EPSS
Exploits 0, References 5
Debian CVE
added 2026/01/27 6:33 p.m., 4 views

CVE-2026-22264

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not run...

9.1 CVSS, 5.4 AI score, 0.00118 EPSS
Exploits 0
Vulnrichment
added 2026/01/27 6:27 p.m., 3 views

CVE-2026-22263 Suricata http1: quadratic complexity in headers parsing over multiple packets

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over multiple packets. Version 8.0.3 patches the issue. No known workarounds are available...

5.3 CVSS, 5.9 AI score, 0.00025 EPSS
Exploits 0, References 3
CVE
added 2026/01/27 6:18 p.m., 18 views

CVE-2026-22262

CVE-2026-22262 affects Suricata (network IDS/IPS/NSM). When saving a dataset, a stack buffer can overflow if the dataset data is too large, before patches were applied. Affected versions are prior to 8.0.3 and 7.0.14, which include the fixes. Remediation: upgrade to 8.0.3+ or 7.0.14+. As a workar...

9.8 CVSS, 6.1 AI score, 0.00119 EPSS
Exploits 0, References 8, Affected Software 1
Cvelist
added 2026/01/27 6:18 p.m., 22 views

CVE-2026-22262 Suricata datasets: stack overflow when saving a set

Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not us...

5.9 CVSS, 0.00119 EPSS
Exploits 0, References 8
NVD
added 2026/01/27 6:15 p.m., 4 views

CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5 CVSS, 0.00023 EPSS
Exploits 0, References 3
OSV
added 2026/01/27 6:15 p.m., 1 view

UBUNTU-CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5 CVSS, 5.9 AI score, 0.00023 EPSS
Exploits 0, References 5
CVE
added 2026/01/27 6:10 p.m., 13 views

CVE-2026-22261

CVE-2026-22261 affects Suricata (IDS/IPS/NSM engine). Affected: versions prior to 8.0.3 and 7.0.14 with inefficiencies in X-Forwarded-For (XFF) handling, especially for alerts not triggered in a transaction, causing severe slowdowns. The vulnerability is addressed in Suricata 8.0.3 and 7.0.14 via...

5.3 CVSS, 5.9 AI score, 0.00099 EPSS
Exploits 0, References 4, Affected Software 1
CVE
added 2026/01/27 5:30 p.m., 42 views

CVE-2026-22260

CVE-2026-22260 affects Suricata

7.5 CVSS, 5.9 AI score, 0.00023 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/01/27 5:30 p.m., 18 views

CVE-2026-22260 Suricata http1: infinite recursion in decompression

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5 CVSS, 0.00023 EPSS
Exploits 0, References 3
UbuntuCve
added 2026/01/22 3:15 a.m., 5 views

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

7.5 CVSS, 6.2 AI score, 0.00023 EPSS
Exploits 0, References 5
OSV
added 2026/01/22 12:0 a.m., 0 views

OPENSUSE-SU-2026:10082-1 libsuricata8_0_3-8.0.3-1.1 on GA media

These are all security issues fixed in the libsuricata8_0_3-8.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 5.8 AI score, 0.00119 EPSS
Exploits 0, References 14
Snyk
added 2026/01/19 9:46 p.m., 3 views

Eval Injection

Overview: Affected versions of this package are vulnerable to Eval Injection via the resource_url_proxy function. An attacker can execute arbitrary system commands by supplying crafted input to the engine_name attribute, which is evaluated within the application context. PoC: require 'ostruct' def...

9.9 CVSS, 6 AI score, 0.00024 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/01/19 9:9 p.m., 3 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resource_handler.engine_name attribute in Alchemy::ResourcesHelper#resource_url_proxy. Th...

6.4 CVSS, 6 AI score, 0.00024 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2026/01/14 9:34 p.m., 1 view

GHSA-73RR-HH4G-FPGX jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

Impact: Attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore...

6.9 CVSS, 6.4 AI score, 0.00023 EPSS
Exploits 0, References 6