[SECURITY] Fedora 43 Update: xen-4.20.3-2.fc43

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 42 Update: glow-2.1.2-1.fc42

Glow is a terminal based markdown reader designed from the ground up to bring out the beauty=E2=80=94and power=E2=80=94of the CLI. Use it to discover mark down files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository...

PT-2026-36295

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident...

PT-2026-36478

An out-of-bounds read vulnerability in VrmlData IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V8 0 0 rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...

Bitwarden CLI 操作系统命令注入漏洞

Bitwarden CLI is a command-line password management tool provided by Bitwarden Corporation. Version 2026.4.0 of Bitwarden CLI contains a vulnerability related to operating system command injection, which stems from the embedding of malicious code when retrieving it via npm...

Open Cascade OCCT 缓冲区错误漏洞

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from a heap-based out-of-bounds read issue in the RWObjReader::read function in the OBJ file parser, as...

CVE-2026-42479

An out-of-bounds read vulnerability in VrmlDataIndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...

PT-2026-36388

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the linedisp release function. The issue occurs because the function uses to linedisp to retrieve the enclosing struct linedisp, which relies on the...

Open Cascade OCCT 缓冲区错误漏洞

Open Cascade OCCT is a 3D modeling and geometry computation kernel from the French company Open Cascade. A buffer error vulnerability exists in Open Cascade OCCT version V800rc5, which stems from an out-of-bounds read issue in the VrmlDataIndexedLineSet::TShape function in the VRML parser, as the...

CRLF Injection

Axios is vulnerable to CRLF Injection. The vulnerability is due to improper sanitization of the Content-Type value in multipart form-data construction, which allows an attacker to inject arbitrary headers into the request body via crafted input...

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

CLSA-2026-1777545655 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

Docker Desktop < 4.59.0 ECI Privilege Escalation (CVE-2026-6406)

The version of Docker Desktop installed on the remote host is prior to 4.59.0. It is, therefore, affected by a local privilege escalation vulnerability: - A flaw exists in the Enhanced Container Isolation ECI feature related to processing of Docker CLI arguments. The issue results from an exposed...

CVE-2026-24231

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful...

CVE-2026-41940: cPanel & WHM Authentication Bypass

Overview On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940, the identifier subsequently assigned on...

CVE-2018-25309

CVE-2018-25309 affects MyBB 17.0 Recent Threads. It is a persistent XSS in the thread subject that lets attackers inject scripts to execute in the browsers of users viewing the index page. The root cause is crafted subject lines containing script tags, enabling arbitrary JavaScript execution in a...

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

EUVD-2026-26228

Improper neutralization of CRLF sequences 'CRLF injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass. This issue affects Pardus: from =0.6.4 before 0.8.0...

CVE-2026-5140

CVE-2026-5140 is a CRLF injection vulnerability in Pardus (TUBITAK BILGEM Software Technologies Research Institute). Affected: Pardus

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...