Lucene search
K

5131 matches found

SUSE Linux
SUSE Linux
added 2026/04/23 4:38 p.m.5 views

Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: Update to go1.26.2 bsc1255111. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile:...

7.5CVSS5.6AI score0.00621EPSS
Exploits0References44
OSV
OSV
added 2026/04/23 4:38 p.m.9 views

SUSE-SU-2026:1580-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: - Update to go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

9.8CVSS5.6AI score0.00658EPSS
Exploits0References22
ATTACKERKB
ATTACKERKB
added 2026/04/23 8:47 a.m.3 views

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9CVSS7.7AI score0.00938EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 11:9 a.m.4 views

SUSE-SU-2026:21379-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.21691EPSS
Exploits8References21
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-33883

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.64 Description The sandbox in this agentic coding tool failed to prevent sandboxed processes from creating symbolic links symlinks pointing to locations outside the workspace. When the unsandboxed process wrot...

10CVSS6.4AI score0.00518EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

SUSE SLES15 Security Update : buildah (SUSE-SU-2026:1480-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1480-1 advisory. This update for buildah rebuilds it against the current go 1.25 security release. Tenable has extracted the preceding description block...

5.8AI score
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/21 12:0 a.m.6 views

Security update for go1.26 (important)

openSUSE security update: security update for go1.26 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20571-1 Rating: important References: bsc1255111 bsc1261653 bsc1261654 bsc1261655 bsc1261656 bsc1261657 bsc1261658 bsc1261659 bsc1261660 bsc1261661...

7.5CVSS5.8AI score0.00658EPSS
Exploits0References11
OSV
OSV
added 2026/04/20 10:29 a.m.6 views

SUSE-SU-2026:1483-1 Security update for helm

This update for helm fixes the following issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: files written to unexpected directory via specially crafted Chartbsc1261938. Changes for helm: - Update to version 3.20.2...

6.5CVSS7.3AI score0.00311EPSS
Exploits0References5
OSV
OSV
added 2026/04/17 1:43 p.m.4 views

SUSE-SU-2026:1439-1 Security update for openvswitch

This update for openvswitch fixes the following issue: Security updates: - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Other updates: - Update openvswitch to 3.5.4...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/16 11:53 p.m.5 views

CVE-2026-40263

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...

3.7CVSS5.7AI score0.002EPSS
Exploits0References3Affected Software1
SUSE Linux
SUSE Linux
added 2026/04/16 8:42 a.m.6 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to 149.0.2 and 140.9.1esr bsc1261663. CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. CVE-2026-5732: Incorrect boundary...

8.8CVSS5.9AI score0.0035EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.16 views

SUSE SLED15: himmelblau / himmelblau-sshd-config / libnss_himmelblau2 / etc (SUSE-SU-2026:1361-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1361-1 advisory. Update to version 2.3.9+git0.a9fd29b; jscPED-14511: - CVE-2026-34397: Fix LPE due to name collision during NSS...

8.8CVSS6.1AI score0.00707EPSS
Exploits4References23
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python311 (SUSE-SU-2026:1349-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1349-1 advisory. - Updated to Python 3.11.15 - CVE-2025-6075: If the value passed to os.path.expandvars is...

7.5CVSS7.1AI score0.01525EPSS
Exploits0References46
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.4 views

SUSE SLED15 / SLES15 Security Update : go1.26 (SUSE-SU-2026:1320-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1320-1 advisory. - Update to go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG...

9.8CVSS6AI score0.00658EPSS
Exploits0References32
SUSE Linux
SUSE Linux
added 2026/04/14 12:39 p.m.5 views

Security update for go1.26

This update for go1.26 fixes the following issues: Update to go1.26.2 bsc1255111. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile: no-op...

7.5CVSS5.9AI score0.00658EPSS
Exploits0References42
Vulnrichment
Vulnrichment
added 2026/04/13 9:28 p.m.3 views

CVE-2026-22563

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

9.8CVSS5.8AI score0.01051EPSS
Exploits0References1
RubySec
RubySec
added 2026/04/13 12:0 a.m.12 views

ERB has an @_init deserialization guard bypass via def_module / def_method / def_class

ERB implements an @init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted data. However, ERBdefmethod, ERBdefmodule, and ERBdefclass evaluate the template source without checking this guard, allowing an attacker who controls the data passed to...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/08 7:15 a.m.8 views

Multiple vulnerabilities in Movable Type

Overview The Listing Framework of Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-25776 SQL injection CWE-89 - CVE-2026-33088 CVE-2026-25776 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Six...

9.8CVSS7.4AI score0.00468EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/07 2:12 p.m.3 views

CVE-2026-5382 runZero Platform MCP endpoint information leak

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS5.8AI score0.00174EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/03 10:31 p.m.2 views

CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass

Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...

6.1CVSS5.7AI score0.0023EPSS
Exploits1References2
Rows per page
Query Builder