0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1938 more potentially affected by CVE-2026-22036 via undici (>=6.0.1 <=6.22.0)
undici NPM version =6.0.1, =0.5.2, =0.5.2, =0.4.2, =0.5.116, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.43 and more Source cves: CVE-2026-22036 Source advisory: SNYK:JS-UNDICI-14943963...
RHSA-2026:0353 Red Hat Security Advisory: python3.12 security update
Bulletin has no description...
RHSA-2026:0343 Red Hat Security Advisory: gcc-toolset-13-binutils security update
Bulletin has no description...
MiracleLinux 3 : icu-3.6-5.11.2 (AXSA:2009-36:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-36:01 advisory. International Components for Unicode - libraries. Fixed bugs: CVE-2008-1036 International Components for Unicode (ICU) in Apple Mac OS X before 10.5.3 omits some...
MiracleLinux 4 : kdelibs-4.3.4-19.AXS4 (AXSA:2012-970:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-970:03 advisory. Libraries for the K Desktop Environment. KDE Libraries include: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget,...
MiracleLinux 3 : firefox-3.6.11-2.0.1.AXS3; nss-3.12.8-1.AXS3; xulrunner-1.9.2.11-2.0.1.AXS3 (AXSA:2010-476:07)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-476:07 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Network Security Services (NSS) is a set...
MiracleLinux 4 : glibc-2.12-1.7.AXS4.5 (AXSA:2011-142:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-142:02 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...
MiracleLinux 4 : kdelibs-4.3.4-11.AXS4.4 (AXSA:2012-42:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-42:01 advisory. Libraries for the K Desktop Environment 4. Security issues fixed with this release: CVE-2011-3365 The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, a...
MiracleLinux 3 : kdelibs-3.5.5-11.25AXS3 (AXSA:2009-427:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-427:02 advisory. KDE Libraries include: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell spelling...
MiracleLinux 3 : kdelibs-3.5.5-11.24AXS3 (AXSA:2009-74:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-74:01 advisory. KDE Libraries include: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell...
MiracleLinux 4 : glibc-2.12-1.80.AXS4.3 (AXSA:2012-754:05)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-754:05 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...
MiracleLinux 4 : glibc-2.12-1.47.AXS4 (AXSA:2012-38:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-38:01 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to...
@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +9 more potentially affected by unknown CVE via renovate (>=31.97.3 <=40.21.2)
renovate NPM version =31.97.3, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =1.1.130, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-3F44-XW83-3PMG...
CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68925
Summary (CVE-2025-68925): Jervis (net.gleske:jervis) is vulnerable prior to version 2.2 due to a JWT header check omission that fails to enforce the algorithm field (alg) to RS256. The issue allows potential JWT forgery or signature bypass depending on context, as described in multiple sources (e...
CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Padding). This vulnerability is fixed in 2.2...
[SECURITY] Fedora 43 Update: python3.12-3.12.12-2.fc43
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
CVE-2022-42126
The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI...
CVE-2023-29506
XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10...