CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

Fedora 23 : php-php-gettext (2016-a571b97ebb)

php-gettext 1.0.12 ================== - Security fix for potential code injection bug LP1515334 - Do not assume mbstring functions are always there, pass text through if they aren't LP734494 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...