RLSA-2026:19013 Moderate: delve security update
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...
CLEANSTART-2026-IY92636 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...
Multiple security vulnerabilities affect the percona-xtradb-cluster-operator package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it...
yggdrasil security update
An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. yggdrasil is a system daemon that subscribes to topics on an MQTT broker a...
Cross-site Request Forgery (CSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the pluginImport.json.php endpoint. An attacker can execute arbitrary code on the server by tricking an authenticated admin into...
ALSA-2026:3298 Important: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
EUVD-2016-4848
Malware in sbrugna...
EUVD-2009-2161
Malware in sbrugna...
EUVD-2016-4836
Malware in sbrugna...
EUVD-2024-1178
Malicious code in bioql PyPI...
EUVD-2022-4008
Malicious code in bioql PyPI...
EUVD-2024-46429
Malicious code in bioql PyPI...
Fedora 42 : perl-Plack-Middleware-Session (2025-ca07c36a0a)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ca07c36a0a advisory. This update upgrades the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs. Tenable has...
Linux Distros Unpatched Vulnerability : CVE-2016-3835
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x befor...
The vulnerability of the web interface of the IBM Robotic Process Automation software allows a perpetrator to disclose account information during a secure session.
The vulnerability of the web interface of the IBM Robotic Process Automation software lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to obtain login credentials during a secure session by executing the code...
The vulnerability of the web interface of the IBM InfoSphere Information Server software platform allows a perpetrator to disclose account information during a secure session.
The vulnerability in the web interface of the IBM InfoSphere Information Server software integration platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to disclose credentials during a secure sessio...
PrivateGPT security vulnerability
PrivateGPT is an AI project. PrivateGPT has a security vulnerability that stems from a lack of secure session management implementation and a weak CORS policy, resulting in a cross-site request forgery (CSRF) vulnerability. An attacker could use this vulnerability to trigger a data poisoning attack...
The vulnerability of the Hitachi Ops Center Analyzer software for data analysis lies in the absence of a “Secure” flag in the HTTPS session cookies. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Hitachi Ops Center Analyzer software-related data analysis and processing programs lies in the absence of the “Secure” flag in the HTTPS session cookies. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...
Session Fixation
@festify/secure-session is vulnerable to Session Fixation. This vulnerability is due to the session removal process where even after marking the session for deletion, an attacker could continue using it...