actscene-ocr (>=0.1.3 <=0.1.5), agent-zero (>=0.1.0 <=0.1.2) +78 more potentially affected by CVE-2026-44660 via ujson (>=5.0.0 <=5.12.0)

ujson PYPI version =5.0.0, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0a2, =2.2.0, =6.2.0.dev68, =0.1.0, =0.0.23, =0.1.0, =2.0.12, =0.0.59, =0.1.0, =8.124.0, =8.125.0 and more Source cves: CVE-2026-44660 Source advisory: SNYK:PYTHON-UJSON-16643463...

weblate-fedora-messaging (>=0.1.0 <=0.12.0), wlhosted (>=2024.11.0 <=2025.1.0) potentially affected by CVE-2026-39845 via weblate (>=5.12.2 <=5.16.2)

weblate PYPI version =5.12.2, =0.1.0, =2024.11.0, =2025.1.0 Source cves: CVE-2026-39845 Source advisory: OSV:PYSEC-2026-156...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001397)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001397 advisory. An out-of-bounds OOB memory write flaw was found in listdevices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001332)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001332 advisory. An out-of-bounds OOB memory access flaw was found in x25bind in net/x25/afx25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker...

CVE-2024-32388

Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected...

CVE-2024-32388

Due to a firewall misconfiguration, Kerlink devices running KerOS prior to 5.12 incorrectly accept specially crafted UDP packets. This allows an attacker to bypass the firewall and access UDP-based services that would otherwise be protected...

EUVD-2020-3022

Malware in sbrugna...

EUVD-2025-18400

Malicious code in bioql PyPI...

EUVD-2025-18399

Malicious code in bioql PyPI...

CVE-2025-49134

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...

CVE-2025-47951

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

SUSE CVE-2025-49134

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...

CVE-2025-47951

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVE-2025-49134 Weblate exposes personal IP address via e-mail

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...

CVE-2025-49134 Weblate exposes personal IP address via e-mail

Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained by third-party servers such as SMTP relays, or spam filters. This issue has been patched in version 5.12...

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...

CVE-2024-31214 Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code execution

Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file...

Cross site request forgery (csrf)

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...

CVE-2020-36694

An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAPNETADMIN capability in an...