
90 matches found

Fedora
added 2026/05/21 12:57 a.m., 9 views

[SECURITY] Fedora 44 Update: erlang-cowlib-2.16.1-1.fc44

Support library for manipulating Web protocols...

CVSS 8.2, AI score 5.8, EPSS 0.00183
Exploits: 0
CVE
added 2026/05/11 6:6 p.m., 10 views

CVE-2026-7790

CVE-2026-7790 : Uncontrolled resource consumption in ninenines cowlib (cow_http_te) allows CPU and memory DoS via HTTP/1.1 chunked transfer encoding. The chunk-size field accepts an unbounded number of hex digits, causing O(N^2) CPU work and O(N) memory for N digits; drip-fed input worsens this t...

CVSS 8.7, AI score 5.9, EPSS 0.00114
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2026/05/02 12:0 a.m., 5 views

NextChat security vulnerability

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier contained a security vulnerability. This vulnerability stemmed from the improper authorization in the addMcpServer function within the...

CVSS 7.5, AI score 7.2, EPSS 0.00058
Exploits: 0, References: 1
EUVD
added 2026/04/27 10:0 p.m., 0 views

EUVD-2026-25931

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVSS 7.5, AI score 7.1, EPSS 0.00107
Exploits: 1, References: 6
Cvelist
added 2026/04/27 9:45 p.m., 26 views

CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVSS 7.5, EPSS 0.00107
Exploits: 1, References: 6
Positive Technologies
added 2026/03/28 12:0 a.m., 3 views

PT-2026-28789

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms image proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the sche...

CVSS 4, AI score 5.8, EPSS 0.00058
Exploits: 1, References: 6
OSV
added 2026/03/08 6:16 a.m., 10 views

AZL-79652 CVE-2026-3713 affecting package tensorflow 2.16.1-11

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function dopnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local...

CVSS 5.3, AI score 6.2, EPSS 0.00019
Exploits: 0, References: 1
OSV
added 2026/02/20 11:16 p.m., 3 views

AZL-78234 CVE-2026-2492 affecting package tensorflow for versions less than 2.16.1-11

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVSS 7, AI score 6.2, EPSS 0.00012
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 12:32 p.m., 6 views

CVE-2023-4879

Cross-site Scripting XSS - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...

CVSS 4.8, AI score 6, EPSS 0.00056
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:26 a.m., 7 views

CVE-2023-4189

Cross-site Scripting XSS - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVSS 4.8, AI score 6.1, EPSS 0.00084
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:25 a.m., 2 views

CVE-2023-4649

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...

CVSS 5.4, AI score 6.7, EPSS 0.00074
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:25 a.m., 11 views

CVE-2023-4650

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVSS 4.7, AI score 6.8, EPSS 0.00049
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 9:25 a.m., 16 views

CVE-2023-4878

Server-Side Request Forgery SSRF in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVSS 5.4, AI score 6.9, EPSS 0.00069
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 8:57 a.m., 5 views

CVE-2023-4704

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVSS 8.8, AI score 6.8, EPSS 0.00106
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 8:56 a.m., 6 views

CVE-2023-4188

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

CVSS 9.8, AI score 8, EPSS 0.00079
Exploits: 1, References: 1
vulnersOsv
added 2026/01/08 8:0 p.m., 2 views

acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +223 more potentially affected by CVE-2026-21871 via nicegui (>=2.16.1 <=3.3.1)

nicegui PYPI version =2.16.1, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21871 Source advisory: SNYK:PYTHON-NICEGUI-14912442...

CVSS 6.1, AI score 5.8, EPSS 0.00009
Exploits: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-54764

Malicious code in bioql PyPI...

CVSS 7.2, AI score 7.1, EPSS 0.00172
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-54068

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.1, EPSS 0.00084
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-54504

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.1, EPSS 0.00078
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-54066

Malicious code in bioql PyPI...

CVSS 4.8, AI score 4.7, EPSS 0.00084
Exploits: 1, References: 2