[SECURITY] [DLA 4458-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4458-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 28, 2026 https://wiki.debian.org/LTS -...

GHSA-RVXJ-7F72-MHRX EGroupware has SQL Injection in Nextmatch Filter Processing

Summary Critical Authenticated SQL Injection in Nextmatch Widget Filter Processing A critical SQL Injection vulnerability exists in the core components of EGroupware, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the...

EGroupware has SQL Injection in Nextmatch Filter Processing

Summary Critical Authenticated SQL Injection in Nextmatch Widget Filter Processing A critical SQL Injection vulnerability exists in the core components of EGroupware, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the...

CVE-2025-68659

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...

CVE-2025-68659 Discourse has DoS vulnerability in username change endpoint

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...

EUVD-2025-206425

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attackers to cause noticeable server delays and...

CVE-2026-22243

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

EUVD-2026-4883

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

CVE-2026-22243 EGroupware has SQL Injection in Nextmatch Filter Processing

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

CVE-2026-22243

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

CVE-2026-22243 EGroupware has SQL Injection in Nextmatch Filter Processing

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

Denial Of Service (DoS)

orjson is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to missing recursion depth limits in orjson.dumps, where deeply nested JSON inputs can cause excessive recursion, leading to stack exhaustion and process crashes...

Malicious Package

Overview json-mapping-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-552 Malicious code in json-mapping-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51d9a56e7e0fdb852db49a56abffcdded34d184708b167002fe2e199438063aa The package json-mapping-web was found to contain malicious code. Source: ghsa-malware 37a8fbc4bd325b28e53dce222bdb8b8e10ff6f5559edb6e97605e1ee5cec17...

Malicious code in json-mapping-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51d9a56e7e0fdb852db49a56abffcdded34d184708b167002fe2e199438063aa The package json-mapping-web was found to contain malicious code. Source: ghsa-malware 37a8fbc4bd325b28e53dce222bdb8b8e10ff6f5559edb6e97605e1ee5cec17...

PT-2026-5137

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

Debian dla-4458 : python-django-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4458 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4458-1 [email protected]...

Serialization Injection Vulnerability

LangChain is vulnerable to a Serialization Injection Vulnerability. The vulnerability is due to improper handling of user-controlled objects containing lc keys in the toJSON serialization logic, which allows an attacker to inject crafted data that is mistakenly treated as a trusted LangChain obje...

CVE-2026-24810

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in rethinkdb src/cjson modules. This vulnerability is associated with program files cJSON.Cc. This issue affects rethinkdb: through v2.4.4...

CVE-2026-24813

CVE-2026-24813 describes a NULL pointer dereference in abcz316/SKRoot-linuxKernelRoot, tied to the cJSON.Cpp component within the testRoot/jni/utils modules. The issue affects SKRoot-linuxKernelRoot. Reported impact indicates high potential for availability loss, with no reported confidentiality ...