
25 matches found

Fedora
added 2026/05/19 4:1 p.m. | 8 views

[SECURITY] Fedora 43 Update: keylime-agent-rust-0.2.9-2.fc43

The Keylime agent...

CVSS 9.8 | AI score 5.8 | EPSS 0.00158
Exploits: 0
OSV
added 2026/03/10 1:19 a.m. | 3 views

GHSA-9C4H-PWMF-M6FJ RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

CVSS 9.4 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/10 1:19 a.m. | 5 views

RSSN has Arbitrary Code Execution via Unvalidated JIT Instruction Generation in C-FFI Interface

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

CVSS 9.4 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/03/08 12:0 p.m. | 1 views

RUSTSEC-2026-0038 RustSec Advisory

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

CVSS 9.4 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/07 4:38 p.m. | 2 views

CVE-2026-30861 WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...

CVSS 9.9 | AI score 6.5 | EPSS 0.00083
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/07 4:38 p.m. | 3 views

CVE-2026-30861

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...

CVSS 9.9 | AI score 6.5 | EPSS 0.00083
Exploits: 1 | References: 2 | Affected Software: 1
Fedora
added 2026/03/07 12:31 a.m. | 1 views

[SECURITY] Fedora 44 Update: keylime-agent-rust-0.2.9-1.fc44

The Keylime agent...

CVSS 9.8 | AI score 5.8 | EPSS 0.00094
Exploits: 0
Tenable Nessus
added 2026/03/05 12:0 a.m. | 3 views

Fedora 42 : keylime / keylime-agent-rust (2026-c2b5451b35)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-c2b5451b35 advisory. Update keylime to version 7.14.1 and keylime-agent-rust to version 0.2.9 Fixes: CVE-2026-1709 and CVE-2025-13609 Tenable has extracted the preceding...

CVSS 9.8 | AI score 5.9 | EPSS 0.00094
Exploits: 0 | References: 3
Fedora
added 2026/03/04 12:56 a.m. | 10 views

[SECURITY] Fedora 43 Update: keylime-agent-rust-0.2.9-1.fc43

The Keylime agent...

CVSS 9.8 | AI score 5.9 | EPSS 0.00094
Exploits: 0
Patchstack
added 2025/03/11 8:14 a.m. | 3 views

WordPress GNUPress Plugin <= 0.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin GNUPress versions <= 0.2.9...

CVSS 7.1 | AI score 6.1 | EPSS 0.00112
Exploits: 0 | Affected Software: 1
Github Security Blog
added 2024/09/18 3:30 p.m. | 13 views

Guardrails has an arbitrary code execution vulnerability

An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code will be passed to an eval function, causing i...

CVSS 7.8 | AI score 7.7 | EPSS 0.00107
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2024/09/18 12:0 a.m. | 1 views

Guardrails Security Vulnerability

Guardrails is a Python framework open-sourced by Guardrails AI. A security vulnerability exists in Guardrails versions 0.2.9 through 0.5.0 and earlier, which stems from its improper validation of an XML file, such that if a victim loads an XML file containing malicious Python code, the code will ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00107
Exploits: 0 | References: 2
CVE
added 2024/02/29 12:0 a.m. | 3173 views

CVE-2024-25180

pdfmake 0.2.9 is affected by CVE-2024-25180: a crafted POST request to the /pdf endpoint can allow remote code execution. The /pdf endpoint’s behavior is disputed and is reported as intentional; it is only exposed after installing a test framework outside the pdfmake application, and users are re...

CVSS 9.8 | AI score 7.4 | EPSS 0.00428
Exploits: 2 | References: 4 | Affected Software: 1
CNNVD
added 2024/02/29 12:0 a.m. | 2 views

pdfmake Security Vulnerabilities

pdfmake is a pure JavaScript server-side and client-side PDF document generation library by individual developer Bartek Pampuch. A security vulnerability exists in pdfmake 0.2.9 and earlier versions, which stems from a vulnerability that allows a remote attacker to run arbitrary code to a...

CVSS 9.8 | AI score 7.4 | EPSS 0.00428
Exploits: 2 | References: 5
CVE
added 2024/01/26 5:31 p.m. | 70 views

CVE-2024-0937

Summary of CVE-2024-0937: A critical deserialization vulnerability in van_der_Schaar LAB synthcity 0.2.9 affects the PKL File Handler’s load_from_file function. The issue enables remote deserialization attacks and is supported by multiple sources (Red Hat, Veracode, OSV/GHSA, CVE listing). Descr...

CVSS 9.8 | AI score 9.5 | EPSS 0.00081
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2024/01/26 12:0 a.m. | 3 views

van_der_Schaar LAB synthcity code issue vulnerability

synthcity is a vanderSchaar LAB open source library for generating and evaluating synthetic tabular data. A code issue vulnerability exists in vanderSchaar LAB synthcity version 0.2.9, which stems from an incorrect operation that can lead to deserialization...

CVSS 9.8 | AI score 7 | EPSS 0.00081
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2023/10/24 10:55 a.m. | 3 views

Malicious code in fec-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dcb9ae48dadfaae28ed7f4c8edcde694f63b90d1e7533c789704cabc4147c8c7 The OpenSSF Package Analysis project identified 'fec-sdk' @ 0.2.9 npm as malicious. It is considered malicious because: - The package communicat...

AI score 6.9
Exploits: 0
NVD
added 2023/09/18 9:16 p.m. | 20 views

CVE-2023-42441

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...

CVSS 5.3 | AI score 5 | EPSS 0.00151
Exploits: 1 | References: 3
Prion
added 2023/09/18 9:16 p.m. | 18 views

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...

CVSS 5 | AI score 5 | EPSS 0.00151
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2023/09/18 12:0 a.m. | 3 views

Vyper Security Vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.2.9 through 0.3.10, which stems from the fact that locks of type @nonreentrant or @nonreentrant are not reentrant-checked at runtime...

CVSS 5.3 | AI score 6.8 | EPSS 0.00151
Exploits: 1 | References: 5