80 matches found
CVE-2026-9658 Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...
EUVD-2026-32892
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...
CVE-2026-9658
CVE-2026-9658 affects Plack::Middleware::Security::Common for Perl prior to version 0.13.1. The vulnerability arises from header-injection checks in request paths not consistently blocking crafted CRLF inputs unless double-encoded, e.g. GET /path\r\nHTTP/1.1\r\nHost: secret.example.com. The issue...
OPENSUSE-SU-2026:10837-1 python311-impacket-0.13.1-1.1 on GA media
These are all security issues fixed in the python311-impacket-0.13.1-1.1 package on the GA media of openSUSE Tumbleweed...
[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc44
Sequoia's reimplementation of the GnuPG interface...
CVE-2026-42224
ipl/web is a set of common web components for PHP projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no...
CVE-2026-42224
The CVE-2026-42224 entry concerns ipl/web (Icinga Web components). Prior to version 0.13.1, it is vulnerable to reflected XSS via malformed search requests, enabling an attacker to inject JavaScript that runs in a victim’s browser when visiting a crafted site. The issue is patched in 0.13.1. A re...
CVE-2026-42224 ipl/web is vulnerable to reflected XSS by malformed search requests
ipl/web is a set of common web components for PHP projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no...
Icinga PHP Library Cross-Site Scripting Vulnerability
The Icinga PHP Library is the web component of an open-source monitoring and metrics solution developed by Icinga. Versions of the Icinga PHP Library prior to 0.13.1 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to inject malicious JavaScript into the...
ipl/web is vulnerable to reflected XSS by malformed search requests
Impact: The vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches: Version 0.13.1 includes a fix for...
GHSA-55WF-5M3Q-6JJF ipl/web is vulnerable to reflected XSS by malformed search requests
Impact: The vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches: Version 0.13.1 includes a fix for...
[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc44
Sequoia's reimplementation of the GnuPG interface...
cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +11 more potentially affected by CVE-2025-23357 via megatron-core (>=0.10.0 <=0.13.1)
megatron-core PYPI version =0.10.0, =1.0.6, =5.1.6, =0.4.0, =1.0.0, =2.0.8, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.5, =5.0.4 Source cves: CVE-2025-23357 Source advisory: SNYK:PYTHON-MEGATRONCORE-13901364...
EUVD-2021-21472
Malware in sbrugna...
EUVD-2025-10648
Malicious code in bioql PyPI...
Arbitrary Code Injection
Overview: megatron-core (Megatron Core) is a library for efficient and scalable training of transformer-based models. Affected versions of this package are vulnerable to Arbitrary Code Injection in the pretraingpt script. An attacker can execute arbitrary code, escalate privileges, access sensiti...
Arbitrary Code Injection
Overview: megatron-core (Megatron Core) is a library for efficient and scalable training of transformer-based models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the msdp\preprocessing script. An attacker can execute arbitrary code and escalate privileges...
Arbitrary Code Injection
Overview: megatron-core (Megatron Core) is a library for efficient and scalable training of transformer-based models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the ensembleclassifer script. An attacker can execute arbitrary code, escalate privileges, disclos...