7 matches found
SUSE-SU-2026:2079-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues:
Security issues:
- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).
- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).
- CVE-2026-39817: cmd/go: 'go tool...
CVE-2026-34451 Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...
EUVD-2022-5411
Malicious code in bioql PyPI...
CVE-2025-10433
A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...
PT-2025-37458
Name of the Vulnerable Software and Affected Versions: 1Panel-dev MaxKB versions up to 2.0.2 and 2.1.0
Description: A vulnerability exists in 1Panel-dev MaxKB due to improper processing of files. Specifically, the file /admin/api/workspace/default/tool/debug is susceptible to manipulation of the...
CVE-2020-2205
Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the checkVncServ form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators...
Baizhuo S210 SQL Injection Vulnerability
Baizhuo S210 is an Internet Behavior Management (IBM) appliance from Baizhuo, China. Baizhuo S210 suffers from a SQL injection vulnerability, which originates from the parameter txt in the file /Tool/repair.php that can lead to SQL injection...