OneUptime ClickHouse vulnerable to SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters

The fix for GHSA-p5g2-jm85-8g35 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query construction paths in StatementGenerator. The toSortStatement, toSelectStatement, and...

Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

Summary PySpector versions = 0.1.6 are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads i.e. inside a string passed to eval , the flagged code snippet is interpolated into the HTML report...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectElement.innerHTML method. An attacker...

Malicious code in @f5rest/icr-metadata-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 997e0d3cb7fd000b08e52b7679e870d2ade8d698b16aeec6f2497aae10bea376 The package @f5rest/icr-metadata-generator was found to contain malicious code...

MAL-2026-1616 Malicious code in @f5rest/icr-metadata-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 997e0d3cb7fd000b08e52b7679e870d2ade8d698b16aeec6f2497aae10bea376 The package @f5rest/icr-metadata-generator was found to contain malicious code...

EulerOS Virtualization 2.13.1 : bind (EulerOS-SA-2026-1633)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

WordPress WPvivid 0.9.123 Payload Generator / Scanner

This Python script is a proof of concept tool designed to generate a crafted payload targeting the WPvivid Backup Migration plugin mechanism in WordPress. The script encrypts a JSON object containing file data using AES-CBC with a null key and IV, formats it according to the plugin's expected...

EulerOS Virtualization 2.12.1 : bind (EulerOS-SA-2026-1417)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker ...

USN-8095-1 linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

SUSE-SU-2026:0897-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181...

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...

TencentOS Server 4: python3.11 (TSSA-2026:0141)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0141 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

SUSE SLES12 Security Update : python36 (SUSE-SU-2026:0884-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0884-1 advisory. - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Tenable has extracted the...

apache-gravitino (>=1.2.0 <=1.2.1rc2), cloudquery-plugin-sdk (=0.1.52) +14 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)

black PYPI version =26.1.0, =1.2.0, =0.4.0, =0.2.2, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.2, =0.1.3 and more Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SCIM API when URL-encoded path values are used. An attacker can access sensitive user information, including names, email addresses, phone numbers, addresses, external IDs,...

Security update for python

This update for python fixes the following issue: CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

SUSE-SU-2026:0873-1 Security update for python

This update for python fixes the following issue: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181...

@ind-rcg/generator (>=262.1002.0-beta.2 <=264.1004.0-beta.1), @ind-rcg/modeler-sfdx-cli-plugin (>=262.1002.0-beta.4 <=264.1004.0-beta.4) +2 more potentially affected by CVE-2026-26801 via pdfmake (>=0.3.0-beta.2 <=0.3.2)

pdfmake NPM version =0.3.0-beta.2, =262.1002.0-beta.2, =262.1002.0-beta.4, =262.1002.0-beta.3, =1.0.0, =2.2.0 Source cves: CVE-2026-26801 Source advisory: OSV:GHSA-WP52-R2FP-4VMR...