
53 matches found

EUVD
added 2026/05/28 11:36 a.m. | 9 views

EUVD-2026-32892

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

AI score: 5.8 | EPSS: 0.00054
Exploits: 0 | References: 1

OSV
added 2026/05/21 12:0 a.m. | 1 views

OPENSUSE-SU-2026:10837-1 python311-impacket-0.13.1-1.1 on GA media

These are all security issues fixed in the python311-impacket-0.13.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS: 8.8 | AI score: 6 | EPSS: 0.44333
Exploits: 6 | References: 1

Fedora
added 2026/05/15 2:34 a.m. | 7 views

[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc44

Sequoia's reimplementation of the GnuPG interface...

AI score: 5.8
Exploits: 0

NVD
added 2026/05/08 11:16 p.m. | 7 views

CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no...

CVSS: 7.6 | EPSS: 0.00039
Exploits: 0 | References: 3

CVE
added 2026/05/08 10:2 p.m. | 10 views

CVE-2026-42224

The CVE-2026-42224 entry concerns ipl/web (Icinga Web components). Prior to version 0.13.1, it is vulnerable to reflected XSS via malformed search requests, enabling an attacker to inject JavaScript that runs in a victim’s browser when visiting a crafted site. The issue is patched in 0.13.1. A re...

CVSS: 7.6 | AI score: 5.7 | EPSS: 0.00039
Exploits: 0 | References: 3

CNNVD
added 2026/05/08 12:0 a.m. | 6 views

Icinga PHP Library cross-site scripting vulnerability

The Icinga PHP Library is a web component of an open-source monitoring and metrics solution developed by Icinga. Versions of the Icinga PHP Library prior to 0.13.1 contained a cross-site scripting vulnerability. This vulnerability allowed attackers to inject malicious JavaScript into the...

CVSS: 7.6 | AI score: 5.7 | EPSS: 0.00039
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/04/29 9:1 p.m. | 8 views

ipl/web is vulnerable to reflected XSS by malformed search requests

Impact: The vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches: Version 0.13.1 includes a fix for...

CVSS: 7.6 | AI score: 5.3 | EPSS: 0.00039
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/04/29 9:1 p.m. | 2 views

GHSA-55WF-5M3Q-6JJF ipl/web is vulnerable to reflected XSS by malformed search requests

Impact: The vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may have no immediate chance to notice any wrongdoing. Patches: Version 0.13.1 includes a fix for...

CVSS: 7.6 | AI score: 5.8 | EPSS: 0.00039
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-21472

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.001
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-10648

Malicious code in bioql PyPI...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00185
Exploits: 0 | References: 2

Snyk
added 2025/09/24 1:43 p.m. | 3 views

Arbitrary Code Injection

Overview: megatron-core is Megatron Core, a library for efficient and scalable training of transformer-based models. Affected versions of this package are vulnerable to Arbitrary Code Injection in the pretraingpt script. An attacker can execute arbitrary code, escalate privileges, access sensiti...

CVSS: 9.2 | AI score: 7.9 | EPSS: 0.00025
Exploits: 0 | References: 2

Nvidia
added 2025/09/23 12:0 a.m. | 8 views

Security Bulletin: NVIDIA Megatron LM - September 2025

NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.13.1 and 0.12.3 or later from NVIDIA/Megatron-LM on NVIDIA GitHub. Go to NVIDIA Product Security...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00025
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/05/23 6:34 a.m. | 7 views

CVE-2024-54148

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00972
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:34 a.m. | 4 views

CVE-2024-55947

Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.75675
Exploits: 3 | References: 1

RedhatCVE
added 2025/04/11 5:56 p.m. | 10 views

CVE-2025-31009

Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks (indieblocks) allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through = 0.13.1...

CVSS: 5.4 | AI score: 7.2 | EPSS: 0.00185
Exploits: 0 | References: 1

CNNVD
added 2025/04/09 12:0 a.m. | 1 views

WordPress plugin IndieBlocks code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00185
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 7:53 a.m. | 4 views

CVE-2024-41819

Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...

CVSS: 8.7 | AI score: 5.5 | EPSS: 0.02012
Exploits: 4 | References: 1

SUSE CVE
added 2025/01/10 12:23 a.m. | 2 views

SUSE CVE-2024-54148

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00972
Exploits: 1 | References: 4

SUSE CVE
added 2025/01/10 12:23 a.m. | 2 views

SUSE CVE-2024-55947

Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.75675
Exploits: 3 | References: 4

NVD
added 2024/12/23 4:15 p.m. | 15 views

CVE-2024-54148

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

CVSS: 9.8 | EPSS: 0.00972
Exploits: 1 | References: 4