Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016736 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

CVE-2026-33635

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

CVE-2026-33635 iCalendar has ICS injection via unsanitized URI property values

iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding...

CVE-2026-33635

The CVE-2026-33635 entry concerns the iCalendar Ruby library. Affected versions are 2.0.0 up to, but not including, 2.12.2, where ICS serialization fails to sanitize URI property values in calendar data. Specifically, Icalendar::Values::Uri falls back to the raw input when URI.parse fails and the...

CRLF Injection

Overview icalendar is an Implements the iCalendar specification RFC-5545 in Ruby. This allows for the generation and parsing of .ics files, which are used by a variety of calendaring applications. Affected versions of this package are vulnerable to CRLF Injection via the serialization process of...

Medusa 安全漏洞

Medusa is an open-source video library manager for TV shows developed by pyMedusa. Versions of Medusa prior to 2.12.2 contained security vulnerabilities. These vulnerabilities stemmed from a race condition in the registerUsage function of the promotional module, which could allow unauthenticated...

CVE-2024-39638

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2...

CVE-2025-62371

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

GHSA-3XGR-H5HQ-7299 GeoIP processor disables SSL certificate validation when downloading databases

Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...

GeoIP processor disables SSL certificate validation when downloading databases

Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...

OpenSearch Data Prepper uses deprecated SSL protocol identifier

Impact The GeoIP processor and Kafka source and buffer were using the deprecated "SSL" protocol identifier when creating SSL contexts, potentially allowing the use of insecure SSL protocols instead of modern TLS versions. Multiple Data Prepper plugins used SSLContext.getInstance"SSL" which could...

Improper Certificate Validation

Overview org.opensearch.dataprepper.plugins:opensearch is a Data Prepper project: opensearch Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can intercept...

Improper Certificate Validation

Overview org.opensearch.dataprepper.plugins:geoip-processor is a Data Prepper project: geoip-processor Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can...

OpenSearch Data Prepper plugins trust all SSL certificates by default

Impact The OpenSearch sink and source plugins in Data Prepper are configured to trust all SSL certificates by default when no certificate path was provided, making connections vulnerable to man-in-the-middle attacks. Prior to this fix, the OpenSearch sink and source plugins would automatically us...

Improper Certificate Validation

Overview org.opensearch.dataprepper.plugins:kafka-plugins is a Data Prepper project: kafka-plugins Affected versions of this package are vulnerable to Improper Certificate Validation in the SSL certificate validation process when the cert parameter is not explicitly provided. An attacker can...

CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

PT-2025-42388

Name of the Vulnerable Software and Affected Versions OpenSearch Data Prepper versions prior to 2.12.2 Description OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no...

EUVD-2021-27997

Malicious code in bioql PyPI...