SUSE CVE-2026-33322

MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and...

forman: Foreman: Remote Code Execution via command injection in WebSocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

forman: Foreman: Remote Code Execution via command injection in WebSocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

forman: Foreman: Remote Code Execution via command injection in WebSocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

EUVD-2026-16167

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

CVE-2025-13459

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow...

CVE-2025-12454

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0...

CVE-2025-12453

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0...

CVE-2025-12455

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...

CVE-2025-13460

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy...

CVE-2025-13212

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...

CVE-2026-32291

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

CVE-2026-1961

CVE-2026-1961 affects Foreman via a command injection in Foreman's WebSocket proxy. The vulnerability arises from unsanitized hostname values from compute resource providers when building shell commands. An attacker operating a malicious compute resource server could achieve remote code execution...

CVE-2026-1961 Forman: foreman: remote code execution via command injection in websocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

CVE-2026-1961

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

[SECURITY] Fedora 44 Update: dotnet8.0-8.0.125-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

[SECURITY] Fedora 44 Update: dotnet10.0-10.0.104-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

Foreman 安全漏洞

Foreman is a set of open-source tools developed by Foreman for lifecycle management in both physical and virtual servers. This tool provides functions such as service activation, configuration management, and reporting status. There is a security vulnerability in Foreman, which stems from command...

Malicious code in console-loggers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a453dd193f8ddd250ba6ade5c711f845eced766f664cb75f7969f064a94b86f The package console-loggers was found to contain malicious code. Source: ghsa-malware 4172c3551666d2ed6e2691429d3929465e9f862f0967ff39fcad41faf23fb20...

Malicious Package

Overview console-loggers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...