Lucene search
33 matches found

OSV
added 2026/05/18 1:59 p.m. | 6 views

CLEANSTART-2026-UD70996 Security fixes for CVE-2025-11579, CVE-2025-15558, CVE-2025-30153, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-jc7w-c686-c4v9, ghsa-p436-gjf2-799p, ghsa-rwvp-r38j-9rgg, ghsa-wq9g-9vfc-cfq9 applied in versions: 0.8.5-r0, 0.9.7-r1

Multiple security vulnerabilities affect the gptscript package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 8 | AI score: 6.6 | EPSS: 0.00462
Exploits: 1 | References: 13

OPENSUSE Linux
added 2026/03/30 12:0 a.m. | 2 views

Security update for libjxl (moderate)

openSUSE Security Update: Security update for libjxl. Announcement ID: openSUSE-SU-2026:0106-1. Rating: moderate. References: 1233763 1233783 1258090. Cross-References: CVE-2024-11403 CVE-2024-11498 CVE-2025-12474. CVSS scores: CVE-2024-11403 SUSE: 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L...

CVSS: 6.9 | AI score: 6.7 | EPSS: 0.00618
Exploits: 0 | References: 3

SUSE CVE
added 2026/03/28 12:24 a.m. | 2 views

SUSE CVE-2026-33623

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.02904
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/26 8:47 p.m. | 0 views

CVE-2026-33623

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...

CVSS: 6.7 | AI score: 6.2 | EPSS: 0.02904
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/26 8:42 p.m. | 4 views

CVE-2026-33621 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.7.7 through v0.8.4 contain incomplete request-throttling protections for auth-checkable endpoints. In v0.7.7 through v0.8.3, a fully implemented RateLimitMiddleware existed in...

CVSS: 4.8 | AI score: 6.3 | EPSS: 0.00308
Exploits: 1 | References: 5

Snyk
added 2026/03/24 7:47 p.m. | 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to incomplete enforcement of request throttling in the HTTP handler chain, allowing repeated authentication attempts against endpoints such as /health without per-IP rate limiting. An...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00308
Exploits: 1 | References: 3

Fedora
added 2025/10/09 1:15 a.m. | 8 views

[SECURITY] Fedora 41 Update: rust-prometheus_exporter-0.8.5-5.fc41

Helper library to export Prometheus metrics using tiny-http...

CVSS: 5.9 | AI score: 7 | EPSS: 0.0038
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0251

Malicious code in bioql PyPI...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.0039
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-29198

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.01403
Exploits: 1 | References: 3

NVD
added 2025/08/08 12:15 a.m. | 4 views

CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS: 6.8 | EPSS: 0.00184
Exploits: 0 | References: 4

Oracle linux
added 2025/05/22 12:0 a.m. | 14 views

gvisor-tap-vsock security update

0.8.5-1 - Fix CVE-2025-22869 by updating to 0.8.5 - Resolves: RHEL-81313...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00868
Exploits: 0

Snyk
added 2025/05/20 6:4 p.m. | 5 views

Deserialization of Untrusted Data

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the PyNcclPipe service if it is in use with the V0 engine. An attacker can execute arbitrary code on the...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00926
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/02 1:16 a.m. | 15 views

CVE-2025-30202

A flaw was found in vLLM's multi-node setup, which exposes sensitive data over a ZeroMQ XPUB socket bound to all interfaces. This vulnerability allows unauthorized clients to intercept and read internal communications if they can access the network. Mitigation: Mitigation for this issue is either...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00486
Exploits: 1 | References: 3

OSV
added 2025/04/30 12:25 a.m. | 16 views

CVE-2025-32444 vLLM Vulnerable to Remote Code Execution via Mooncake Integration

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...

CVSS: 10 | AI score: 8.8 | EPSS: 0.01467
Exploits: 1 | References: 6

OSV
added 2025/04/30 12:24 a.m. | 16 views

CVE-2025-30202 Data exposure via ZeroMQ on multi-node vLLM deployment

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00486
Exploits: 1 | References: 5

Oracle linux
added 2025/04/14 12:0 a.m. | 16 views

gvisor-tap-vsock security update

6:0.8.5-1 - Fix CVE-2025-22869 by updating to 0.8.5 - Resolves: RHEL-81312...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00868
Exploits: 0

CNNVD
added 2025/04/01 12:0 a.m. | 1 view

WordPress plugin CGM Event Calendar cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00309
Exploits: 0 | References: 2

CNNVD
added 2024/10/28 12:0 a.m. | 1 view

WordPress plugin Contact Form 7 + Telegram security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00372
Exploits: 0 | References: 3

Patchstack
added 2024/10/28 12:0 a.m. | 17 views

WordPress Contact Form 7 Telegram Plugin <= 0.8.5 is vulnerable to Broken Access Control

Software: Contact Form 7 Telegram | Type: Plugin | Vulnerable versions: <= 0.8.5 | Fixed in: 0.8.6 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-9629 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: bc9031e15885 | Credits: István Márton | Required...

CVSS: 5.4 | AI score: 6.9 | EPSS: 0.00372
Exploits: 0 | References: 3 | Affected Software: 1

SUSE CVE
added 2023/02/15 3:30 a.m. | 3 views

SUSE CVE-2022-4572

A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireaderextractfiles of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00537
Exploits: 0 | References: 3