116 matches found
[SECURITY] [DSA 6315-1] cyborg security update
Debian Security Advisory DSA-6315-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 31, 2026 https://www.debian.org/security/faq ...
List of Security Fixes and Improvements in Veeam Recovery Orchestrator
Purpose: This article describes all security-related fixes and improvements introduced in each release or update of Veeam Recovery Orchestrator. This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help the...
Allocation of Resources Without Limits or Throttling
Overview: codeberg.org/forgejo/forgejo/services/context is a self-hosted lightweight software forge. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in api.go and context.go, which accept attachments of unlimited size, and allocate unlimited...
EUVD-2026-10935
Umbraco Backoffice API Allows Unauthorized Modification of Domain Data...
CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, a broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...
OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
[SECURITY] Fedora 43 Update: rust-tokei-14.0.0-4.fc43
Count your code, quickly...
EUVD-2026-3534
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Relationship Pricing. Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
Huawei EMUI and Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...
CVE-2022-31735
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website...
EUVD-2019-16218
Malware in sbrugna...
EUVD-2019-16153
Malware in sbrugna...
EUVD-2023-31497
Malicious code in bioql PyPI...
CVE-2025-8662
OpenAM OpenAM Consortium Edition contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request. This issue affects OpenAM: from 14.0.0 through 14.0.1...
OpenAM Security Vulnerability
OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation and federation capabilities. A security vulnerability exists in OpenAM versions 14.0.0 through 14.0.1, which stems from a tampering request that could resul...
PT-2025-35534
Name of the Vulnerable Software and Affected Versions: OpenAM versions 14.0.0 through 14.0.1. Description: OpenAM OpenAM Consortium Edition may malfunction as a SAML Identity Provider (IdP) due to a tampered request. Recommendations: At the moment, there is no information about a newer version that...
br.com.thiagomoreira.liferay.plugins.fix-virtual-host-app:fix-virtual-host-hook (=5.0.0), com.liferay.faces.demo:com.liferay.faces.demo.jsf.registration.portlet (=6.1.0) +9 more potentially affected by CVE-2025-43770 via com.liferay.portal:com.liferay.portal.kernel (>=100.0.0 <=14.0.0)
com.liferay.portal:com.liferay.portal.kernel MAVEN version =100.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =14.0.0 Source cves: CVE-2025-43770 Source advisory: OSV:GHSA-H4M4-XP33-37MJ...
TwistedWeb Security Vulnerability
TwistedWeb is a web server framework from Twisted Open Source. A security vulnerability exists in TwistedWeb version 14.0.0, which stems from improper input cleanup for the file upload feature and could lead to remote code execution...
CVE-2025-48953
Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere to the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and...