OPENSUSE-SU-2026:10923-1 mcphost-0.34.0-8.1 on GA media

These are all security issues fixed in the mcphost-0.34.0-8.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10899-1 mcphost-0.34.0-7.1 on GA media

These are all security issues fixed in the mcphost-0.34.0-7.1 package on the GA media of openSUSE Tumbleweed...

openSUSE 16 Security Update : mcphost (openSUSE-SU-2026:20788-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20788-1 advisory. This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly...

Fedora 43 : docker-buildx (2026-6d1dd77956)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6d1dd77956 advisory. - Update to release v0.34.0 - Resolves: rhbz2467576 - Resolves CVE-2026-39984: rhbz2458930 - Upstream new features and fixes Tenable has extracted the...

Fedora 44 : docker-buildx (2026-7f8de90b74)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7f8de90b74 advisory. - Update to release v0.34.0 - Resolves: rhbz2467576 - Resolves CVE-2026-39984: rhbz2458930 - Upstream new features and fixes Tenable has extracted the...

Fedora 42 : docker-buildx (2026-95f37c21d5)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-95f37c21d5 advisory. - Update to release v0.34.0 - Resolves: rhbz2467576 - Resolves CVE-2026-39984: rhbz2458930 - Upstream new features and fixes Tenable has extracted the...

[SECURITY] Fedora 44 Update: docker-buildx-0.34.0-1.fc44

Docker CLI plugin for extended build capabilities with BuildKit...

OPENSUSE-SU-2026:10845-1 mcphost-0.34.0-5.1 on GA media

These are all security issues fixed in the mcphost-0.34.0-5.1 package on the GA media of openSUSE Tumbleweed...

SUSE-SU-2026:21756-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

SUSE-SU-2026:21827-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

OPENSUSE-SU-2026:20788-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...

OPENSUSE-SU-2026:10731-1 mcphost-0.34.0-1.1 on GA media

These are all security issues fixed in the mcphost-0.34.0-1.1 package on the GA media of openSUSE Tumbleweed...

async-ssh2-tokio (>=0.2.0 <=0.7.0), dev-tunnels (=0.1.0) +4 more potentially affected by CVE-2026-42189 via russh (>=0.34.0 <=0.37.1)

russh CARGO version =0.34.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.4.1 - tunnels =0.1.0 Source cves: CVE-2026-42189 Source advisory: OSV:GHSA-F5V4-2WR6-HQMG...

CLEANSTART-2026-FJ01373 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.34.0-r0, 0.34.0-r1, 0.34.0-r2

Multiple security vulnerabilities affect the descheduler package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action

Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...

CVE-2026-26189

CVE-2026-26189 affects aquasecurity/trivy-action (GitHub Action) where command injection is possible via unsafely exporting environment variables to trivy_envs.txt and sourcing it in entrypoint.sh. Affected versions are 0.31.0 through 0.33.1; a patch was released in 0.34.0. The issue arises from ...

EUVD-2021-1002

Malware in sbrugna...

synapse Authorization Issues Vulnerabilities

synapse is an application for open federated instant messaging and VoIP An authorization issue vulnerability exists in Synapse that stems from a read receipt that allows an attacker to forge any event. Affected Products and Versions:Synapse versions prior to 0.34.0 through 1.93.0...

CVE-2023-43640

TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database including the users table. This issue...