Photon OS 4.0: Python3 PHSA-2026-4.0-0991

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0991. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20444-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20444-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754:...

SUSE CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

SUSE CVE-2026-23455

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: check for zero length in DecodeQ931 In DecodeQ931, the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator byte before passing it to...

SUSE CVE-2026-31397

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: fix use of NULL folio in movepageshugepmd movepageshugepmd handles UFFDIOMOVE for both normal THPs and huge zero pages. For the huge zero page path, srcfolio is explicitly set to NULL, and is used as a sentinel to...

SUSE CVE-2026-31400

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cacherequest leak in cacherelease When a reader's file descriptor is closed while in the middle of reading a cacherequest rp-offset != 0, cacherelease decrements the request's readers count but never checks whether it...

ALPINE-CVE-2026-34933

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

CVE-2026-33184

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors lim...

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

CVE-2026-34758

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...

EUVD-2026-18891

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors lim...

CVE-2026-33184

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors lim...

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

CVE-2026-27885 Piwigo: SQL Injection in Activity.getList

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including...

GHSA-R3FR-7M74-Q7G2 CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing

A vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker or a compromised/malicious MQTT broker to remotely crash the host iOS/macOS/tvOS application. The vulnerability is located in Source/FramePublish.swift during the extraction of the Topic string from the incomi...

CVE-2026-31397

A flaw was found in the Linux kernel's memory management subsystem, specifically within the movepageshugepmd function. A local user could exploit a NULL pointer dereference when handling huge zero pages, which can lead to a system crash and a Denial of Service DoS. Furthermore, improper...

CVE-2026-5485 OS command injection in Amazon Athena ODBC driver on Linux

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

CVE-2026-23453

A flaw was found in the Linux kernel's net: ti: icssg-prueth network driver. When XDP eXpress Data Path programs drop packets in non-zero-copy mode, memory pages are not properly returned to the system's page pool. This memory leak can lead to Out of Memory OOM conditions, causing a Denial of...

EUVD-2026-18776

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: fix use of NULL folio in movepageshugepmd movepageshugepmd handles UFFDIOMOVE for both normal THPs and huge zero pages. For the huge zero page path, srcfolio is explicitly set to NULL, and is used as a sentinel to...

EUVD-2026-18706

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...