60 matches found

Tenable Nessus
added 4 days ago, 4 views

openSUSE 16 Security Update : apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec (openSUSE-SU-2026:20841-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20841-1 advisory. Changes in apache-commons-lang3: Update to 3.20.0 New features: - Add SystemProperties.getPathString, Supplier - Add JavaVersion.JAVA25 - Add...

CVSS 5.3, AI score 6.5, EPSS 0.00129
Exploits 0, References 5

Tenable Nessus
added 2026/05/05 12:00 a.m., 3 views

openSUSE 16 Security Update : helm (openSUSE-SU-2026:20655-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20655-1 advisory. Update to version 3.20.2. Security issues fixed: - CVE-2025-55199: specially crafted JSON Schema can lead to out of memory OOM termination...

CVSS 6.5, AI score 5.9, EPSS 0.0002
Exploits 0, References 6

Vulnrichment
added 2026/03/20 9:35 p.m., 2 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4, AI score 5.8, EPSS 0.00015
Exploits 1, References 1

ATTACKERKB
added 2026/03/20 9:35 p.m., 1 view

CVE-2026-32887

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4, AI score 5.8, EPSS 0.00015
Exploits 1, References 2, Affected Software 1

Snyk
added 2026/03/20 8:34 p.m., 1 view

Race Condition

Overview effect is a node package that allows you to add effects on images. Affected versions of this package are vulnerable to Race Condition in the MixedScheduler class, where the AsyncLocalStorage context is not properly isolated between concurrent fiber executions. An attacker can access or...

CVSS 9.1, AI score 5.8, EPSS 0.00015
Exploits 1, References 2

Positive Technologies
added 2026/03/20 12:00 a.m., 3 views

PT-2026-26681

Name of the Vulnerable Software and Affected Versions Effect versions prior to 3.20.0 @effect/rpc versions prior to 0.72.1 @effect/platform versions prior to 0.94.2 Description Effect is a TypeScript framework used for building TypeScript applications. A flaw exists in versions prior to 3.20.0,...

CVSS 7.4, AI score 5.9, EPSS 0.00015
Exploits 1, References 8

CNNVD
added 2026/03/20 12:00 a.m., 4 views

Effect Monorepo Race Condition Vulnerability

Effect Monorepo is a functional framework developed by Effect Open Source for building TypeScript applications. Versions of Effect Monorepo prior to 3.20.0 contained a race condition vulnerability, which was caused by context confusion in RpcServer.toWebHandler, potentially allowing access to the...

CVSS 7.4, AI score 5.8, EPSS 0.00015
Exploits 1, References 1

OSV
added 2026/03/10 12:00 a.m., 1 view

OPENSUSE-SU-2026:10319-1 helm3-3.20.0-2.1 on GA media

These are all security issues fixed in the helm3-3.20.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.5, AI score 6.1, EPSS 0.0002
Exploits 0, References 1

RedhatCVE
added 2026/02/23 1:30 p.m., 3 views

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

CVSS 9.8, AI score 6.5, EPSS 0.00148
Exploits 0, References 1

CVE
added 2026/02/21 4:25 a.m., 7 views

CVE-2026-27194

D-Tale (Python package dtale) is affected by CVE-2026-27194 due to a flaw in the /save-column-filter endpoint that allows Remote Code Execution. The issue arises from improper validation when constructing column filters via pandas DataFrame.query(), enabling an attacker to execute arbitrary code ...

CVSS 9.8, AI score 6.7, EPSS 0.00148
Exploits 0, References 2, Affected Software 1

ATTACKERKB
added 2026/02/21 4:25 a.m., 3 views

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

CVSS 9.3, AI score 6.7, EPSS 0.00148
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/02/21 4:25 a.m., 21 views

CVE-2026-27194 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

CVSS 9.3, EPSS 0.00148
Exploits 0, References 2

Vulnrichment
added 2026/02/21 4:25 a.m., 3 views

CVE-2026-27194 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

CVSS 9.3, AI score 6.5, EPSS 0.00148
Exploits 0, References 2

OSV
added 2026/02/21 4:25 a.m., 5 views

CVE-2026-27194 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue...

CVSS 9.3, AI score 6.7, EPSS 0.00148
Exploits 0, References 4

CNNVD
added 2026/02/21 12:00 a.m., 6 views

Man D-Tale Injection Vulnerability

Man D-Tale is a visualization tool for pandas data structures within the Man company. Versions of Man D-Tale prior to 3.20.0 contained an injection vulnerability. This vulnerability stemmed from a remote code execution flaw through the /save-column-filter endpoint, which could allow attackers to...

CVSS 9.8, AI score 6.6, EPSS 0.00148
Exploits 0, References 2

OSV
added 2026/02/19 8:29 p.m., 3 views

GHSA-C87C-78RC-VMV2 D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.20.0. Workarounds There are no workarounds for versions 3.20.0...

CVSS 9.3, AI score 6.5, EPSS 0.00148
Exploits 0, References 4

Github Security Blog
added 2026/02/19 8:29 p.m., 7 views

D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.20.0. Workarounds There are no workarounds for versions 3.20.0...

CVSS 9.8, AI score 6.5, EPSS 0.00148
Exploits 0, References 4, Affected Software 1

Snyk
added 2026/02/19 8:29 p.m., 2 views

Arbitrary Code Injection

Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Arbitrary Code Injection via the /save-column-filter endpoint due to the improper validation of input to pandas' DataFrame.query used to construct Column filters. An attacker can...

CVSS 9.8, AI score 6.2, EPSS 0.00148
Exploits 0, References 2

Positive Technologies
added 2026/02/19 12:00 a.m., 6 views

PT-2026-21349

Name of the Vulnerable Software and Affected Versions D-Tale versions prior to 3.20.0 Description D-Tale, a visualizer for pandas data structures, has an issue allowing for Remote Code Execution. This is due to a flaw in the /save-column-filter API endpoint. Publicly hosted instances of D-Tale ar...

CVSS 9.8, AI score 5.7, EPSS 0.00148
Exploits 0, References 10

SUSE CVE
added 2025/12/19 12:26 a.m., 1 view

SUSE CVE-2025-68118

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP's certificate handling code on Windows platforms. The function freerdp_certificate_data_hash_ uses the Microsoft-specific _snprintf function to format certificate cache filenames...

CVSS 9.1, AI score 7.2, EPSS 0.00058
Exploits 0, References 3