30 matches found
Fedora 44 : rust-sequoia-cert-store / rust-sequoia-chameleon-gnupg / etc (2026-5c5f4f40a4)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-5c5f4f40a4 advisory. - Update the sequoia-wot crate to version 0.15.2. - Update the sequoia-keystore crate to version 0.7.3. This includes a rebuild of all dependent applications...
cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33248 via megatron-core (>=0.10.0 <=0.15.2)
megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33248 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871032...
Security update for zk (moderate)
openSUSE Security Update: Security update for zk Announcement ID: openSUSE-SU-2026:0017-1 Rating: moderate References: Cross-References: CVE-2025-58181 CVSS scores: CVE-2025-58181 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE Backports...
CVE-2025-68669
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...
CVE-2025-68669 5ire vulnerable to Remote Code Execution (RCE) via mermaid
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...
CVE-2025-68669
CVE-2025-68669 affects 5ire, a cross-platform desktop AI assistant. In versions 0.15.2 and earlier, RCE is possible in useMarkdown.ts because the markdown-it-mermaid plugin is initialized with securityLevel: 'loose', which allows HTML in Mermaid diagram nodes. The issue has not been patched at pu...
zk-0.15.2-1.1 on GA media (moderate)
zk-0.15.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:15841-1 Rating: moderate Cross-References: CVE-2025-58181 CVSS scores: CVE-2025-58181 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-58181 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...
OPENSUSE-SU-2025:15841-1 zk-0.15.2-1.1 on GA media
These are all security issues fixed in the zk-0.15.2-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2023-1234
Malicious code in bioql PyPI...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...
GHSA-856V-8QM2-9WJV operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2023-30622
Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called cluster-hub inside the clusternet-syste...
Command Injection
Overview: deepspeed is a DeepSpeed library. Affected versions of this package are vulnerable to Command Injection in multiple instances where subprocess.run and subprocess.check_output are called with unsanitized input and shell=True. An attacker would need to supply specially crafted input to...
@blocklet/discuss-kit (>=1.0.8 <=2.0.172), @blocklet/discuss-kit-post (>=1.6.254 <=2.0.172) +52 more potentially affected by CVE-2023-26140 via @excalidraw/excalidraw (>=0.10.0 <=0.15.2)
@excalidraw/excalidraw NPM version =0.10.0, =1.0.8, =1.6.254, =1.0.8, =0.0.2, =0.0.6, =1.0.0, =0.0.1, =0.0.1, =0.0.2, =30.1.2, =0.0.0, =0.0.5, =0.1.8, =0.1.72 and more Source cves: CVE-2023-26140 Source advisory: OSV:GHSA-V7V8-GJV7-FFMR...
PT-2023-8844 · Npm · @Excalidraw/Excalidraw
Name of the Vulnerable Software and Affected Versions: @excalidraw/excalidraw versions 0.0.0 through 0.15.2. Description: The issue is related to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. This allows a remote attacker to conduct an XSS...
Privilege escalation
Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called cluster-hub inside the clusternet-syste...
CVE-2023-30622 Clusternet has potential risk which can be leveraged to make a cluster-level privilege escalation
Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called cluster-hub inside the clusternet-syste...