42 matches found
[SECURITY] Fedora 44 Update: erlang-cowlib-2.16.1-1.fc44
Support library for manipulating Web protocols...
CVE-2026-7790
CVE-2026-7790: Uncontrolled resource consumption in ninenines cowlib (cow_http_te) allows CPU and memory DoS via HTTP/1.1 chunked transfer encoding. The chunk-size field accepts an unbounded number of hex digits, causing O(N^2) CPU work and O(N) memory for N digits; drip-fed input worsens this t...
NextChat Security Vulnerability
NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier contained a security vulnerability. This vulnerability stemmed from the improper authorization in the addMcpServer function within the...
EUVD-2026-25931
A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...
PT-2026-28789
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms image proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/transcode transcoder without authentication and without restricting the sche...
CVE-2023-4879
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git...
CVE-2023-4189
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4649
Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4650
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4878
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4704
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4188
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
EUVD-2023-54764
Malicious code in bioql PyPI...
EUVD-2023-54068
Malicious code in bioql PyPI...
EUVD-2023-54504
Malicious code in bioql PyPI...
EUVD-2023-54066
Malicious code in bioql PyPI...
EUVD-2023-54505
Malicious code in bioql PyPI...
CVE-2023-4655
Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1...
CVE-2023-4652
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2025-32379 XSS at ctx.redirect() function in Koajs
Koa is expressive middleware for Node.js using ES2017 async functions. In koa versions before 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect, even after sanitizing it, may execute JavaScript code on users of the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...