
46 matches found

OSV
added 2026/05/12 12:0 a.m., 3 views

OPENSUSE-SU-2026:10763-1 regclient-0.11.4-1.1 on GA media

These are all security issues fixed in the regclient-0.11.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 5.8, EPSS 0.00018
Exploits 0, References 1

Vulnrichment
added 2026/05/07 1:56 p.m., 6 views

CVE-2026-41422 Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

CVSS 8.3, AI score 5.9, EPSS 0.00019
Exploits 0, References 2

Tenable Nessus
added 2026/05/02 12:0 a.m., 0 views

openSUSE 16 Security Update : libssh (openSUSE-SU-2026:20647-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20647-1 advisory. - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request (bsc#1258049) - CVE-2026-0965: Possible Denial of...

CVSS 8.2, AI score 5.8, EPSS 0.00158
Exploits 8, References 21

OSV
added 2026/04/30 9:40 a.m., 2 views

SUSE-SU-2026:21428-1 Security update for libssh

This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request (bsc#1258049) - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045) - CVE-2026-0966: Buffer underflow in...

CVSS 8.2, AI score 6.3, EPSS 0.00158
Exploits 8, References 15

OPENSUSE Linux
added 2026/04/30 12:0 a.m., 2 views

Security update for libssh (moderate)

openSUSE security update: security update for libssh. Announcement ID: openSUSE-SU-2026:20647-1. Rating: moderate. References: bsc#1246974 bsc#1249375 bsc#1258045 bsc#1258049 bsc#1258054 bsc#1258080 bsc#1258081. Cross-References: CVE-2025-8114...

CVSS 6.5, AI score 5.8, EPSS 0.00158
Exploits 8, References 7

Snyk
added 2026/03/26 8:33 p.m., 1 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the VideoProxy process due to a missing ownership check. An attacker can gain unauthorized access to other users' video content by sending crafted requests that bypass access controls...

CVSS 7.1, AI score 6.4, EPSS 0.00047
Exploits 1, References 3

SUSE CVE
added 2026/03/25 12:25 a.m., 2 views

SUSE CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, AI score 5.8, EPSS 0.00024
Exploits 1, References 3

OSV
added 2026/03/23 7:18 p.m., 1 views

CVE-2026-30886 New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference (IDOR) vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...

CVSS 6.5, AI score 6.4, EPSS 0.00047
Exploits 1, References 4

CNNVD
added 2026/03/23 12:0 a.m., 3 views

New API security vulnerability

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.11.4-alpha.2 contained a security vulnerability. This vulnerability stemmed from insecure direct object references in the video proxy endpoints, which could allow access to other users’ video content...

CVSS 6.5, AI score 6.4, EPSS 0.00047
Exploits 1, References 2

RedhatCVE
added 2026/03/09 8:1 a.m., 2 views

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, AI score 5.7, EPSS 0.00024
Exploits 1, References 1

Tenable Nessus
added 2026/03/09 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-3731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c o...

CVSS 7.5, AI score 5.8, EPSS 0.00043
Exploits 0, References 4

OSV
added 2026/03/08 11:15 a.m., 1 views

UBUNTU-CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

CVSS 7.5, AI score 6.8, EPSS 0.00043
Exploits 0, References 3

NVD
added 2026/03/07 4:15 p.m., 3 views

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, EPSS 0.00024
Exploits 1, References 3

ATTACKERKB
added 2026/03/07 3:57 p.m., 1 views

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, AI score 5.7, EPSS 0.00024
Exploits 1, References 4, Affected Software 1

CVE
added 2026/03/07 3:57 p.m., 21 views

CVE-2026-30832

CVE-2026-30832 — Soft Serve: An authenticated SSH user could force the server to perform HTTP requests to internal/private IPs by importing a crafted --lfs-endpoint URL, enabling access to internal targets. The initial batch request is blind and metadata endpoint parsing may not yield valid LFS J...

CVSS 9.1, AI score 5.7, EPSS 0.00024
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2026/03/07 3:57 p.m., 1 views

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, AI score 5.7, EPSS 0.00024
Exploits 1, References 3

Cvelist
added 2026/03/07 3:57 p.m., 23 views

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVSS 9.1, EPSS 0.00024
Exploits 1, References 3

Fedora
added 2025/11/05 2:13 a.m., 4 views

[SECURITY] Fedora 43 Update: rust-manyhow-0.11.4-1.fc43

Proc macro error handling à la anyhow x proc-macro-error...

CVSS 8.1, AI score 7, EPSS 0.00017
Exploits 1

Fedora
added 2025/11/03 1:7 a.m., 3 views

[SECURITY] Fedora 42 Update: rust-manyhow-macros-0.11.4-1.fc42

Macro for manyhow...

CVSS 8.1, AI score 7, EPSS 0.00017
Exploits 1

Fedora
added 2025/11/03 1:2 a.m., 3 views

[SECURITY] Fedora 41 Update: rust-manyhow-macros-0.11.4-1.fc41

Macro for manyhow...

CVSS 8.1, AI score 7, EPSS 0.00017
Exploits 1