CLEANSTART-2026-DF22934 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, ghsa-6v2p-p543-phr9, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 0.28.0-r0, 0.28.0-r1
Multiple security vulnerabilities affect the prometheus-statsd-exporter package. These issues are resolved in later releases. See references for individual vulnerability details...
Fedora 43 : headscale (2026-c3c02ffe75)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c3c02ffe75 advisory. Update to 0.28.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
SUSE-SU-2025:4457-1 Security update 5.0.6 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-prometheus-alertmanager: - Update to version 0.28.1 jscPED-13285: Improved performance of inhibition rules when using Equal labels. Improve the documentation on escaping in UTF-8 matchers. Update alertmanagerconfighash metric help to document...
SUSE CVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
CVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
CVE-2025-64443
CVE-2025-64443 details a DNS rebinding vulnerability in MCP Gateway when running in the sse/streaming transport modes. Affected are MCP Gateway versions
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode
Impact When run in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...
GHSA-46GC-MWH4-CC5R Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode
Impact When run in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...
EUVD-2025-25031
Malicious code in bioql PyPI...
CVE-2025-59399
libocpp before 0.28.0 allows a denial of service EVerest crash because a secondary exception is thrown during error message generation...
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception due to a secondary exception being thrown during error message generation. An attacker can cause the application to crash by triggering an error that leads to this exception. Remediation Upgrade...
CVE-2025-55203
Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the descriptionhtml field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users’ browsers. The...
Plane Cross-Site Scripting Vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A cross-site scripting vulnerability exists in Plane versions prior to 0.28.0, which stems from an insufficiently cleaned and escaped descriptionhtml field that could lead to a stored cross-site scripting attack...
CVE-2024-22891
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link...
CVE-2023-33955
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0...
OESA-2025-1197 exiv2 security update
Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: Exiv2 is a C++ library and a...
CVE-2025-26623
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are not affected. Exiv2 is a command-line utility and C++...
CVE-2024-37902 Path traversal in DeepJavaLibrary
DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...
Nteract Security Vulnerabilities
Nteract is an ecosystem of React components, JavaScript packages, and applications built on the Jupyter specification from Nteract, Inc. A security vulnerability exists in Nteract version v.0.28.0, which stems from a Remote Code Execution (RCE) vulnerability in Markdown links...