CLSA-2026-1779582830 vim: Fix of CVE-2026-46483
CVE-2026-46483: fix command injection in tar plugin Vimuntar when decompressing .tgz archives by passing the special flag to shellescape upstream vim 9.2.0479...
CLSA-2026-1777943581 vim: Fix of 2 CVEs
CVE-2026-35177: fix path traversal bypass in zip.vim by using simplify to detect attacks that circumvent the previous regex-only check - CVE-2026-39881: fix command injection in netbeans interface via unsanitized defineAnnoType and specialKeys parameters...
OPENSUSE-SU-2026:20653-1 Security update for radare2
This update for radare2 fixes the following issues: Changes in radare2: - Update to version 6.1.4 bsc1262142, CVE-2026-40499: Analysis: improve autoname scoring, jmptbl detection, and performance Add callargs modifier, rnum expressions, and typed function context Refactor autoname into plugin;...
Unity Linux 20.1070e Security Update: python3 (UTSA-2026-014307)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014307 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters...
OpenClaw Host-Exec Environment Variable Injection
Impact OpenClaw Host-Exec Environment Variable Injection. Host exec could inherit environment variables that influence interpreters, shells, or build tools. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant servic...
EUVD-2026-18037
AIOHTTP has CRLF injection through multipart part content type header construction...
Fedora 42 : python-scitokens (2026-dec8f790f7)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dec8f790f7 advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...
EUVD-2024-3257
Malicious code in bioql PyPI...
EUVD-2024-1382
Malicious code in bioql PyPI...
EUVD-2024-3067
Malicious code in bioql PyPI...
EUVD-2024-19512
Malicious code in bioql PyPI...
EUVD-2025-14808
Malicious code in bioql PyPI...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344. CVE-2024-12224...
SUSE-SU-2025:02499-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...
SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...
CVE-2025-54076
CVE-2025-54076 affects WeGIA, an open-source web manager for welfare organizations. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the pre_cadastro_atendido.php endpoint, where attacker-controlled data in the msg_e parameter can be reflected back to the user. Root cause: lack of p...
WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tom Broucke Patchstack Alliance in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.10.2...
Debian dla-4177 : libphp-adodb - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4177 advisory. Debian LTS Advisory DLA-4177-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 4177-1] libphp-adodb security update
Debian LTS Advisory DLA-4177-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 24, 2025 https://wiki.debian.org/LTS -...
CVE-2025-22596
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulosvisiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in...