Malicious code in robase-fast-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eb36bd6222d998fae305e6200dff6413fec375765d7b81876e8041b72101c7ef During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3050 Malicious code in robase-fast-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eb36bd6222d998fae305e6200dff6413fec375765d7b81876e8041b72101c7ef During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3045 Malicious code in quicktestybesty (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 459aa54bf8ac82101b14d4f85d01dde304aa638276b69a76254ff080ea52d5af During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3044 Malicious code in quicksolving (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 334524bfbf6438acc5016e76054740cdb532bdd9921695cbcc1852c568226708 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

MAL-2026-3043 Malicious code in rosolver (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0904af239ce7e030d9cde78de066412fb3942a4b12ea8be5c5d45681417230fc During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

Malicious code in robase-library-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3655afd9220b8d5df96a51d63e383fd4face5be5f31a2da02bcaf379d6625c6b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

[SECURITY] Fedora 44 Update: python-pillow-12.2.0-1.fc44

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

[SECURITY] Fedora 44 Update: rust-sccache-0.14.0-2.fc44

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

Flowise 代码问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, such as 3.1.0, contained code vulnerabilities. These vulnerabilities stemmed from multiple logical flaws in the security wrapper, allowing attackers to bypass the...

EUVD-2026-24650

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

[SECURITY] Fedora 43 Update: python-pillow-11.3.0-8.fc43

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

CVE-2026-4085

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

CVE-2026-4085

Summary: CVE-2026-4085 affects the Easy Social Photos Gallery WordPress plugin (versions up to 3.1.2). The vulnerability is a Stored XSS via the wrapper_class attribute of the my-instagram-feed shortcode, caused by using sanitize_text_field() instead of escaping with esc_attr() when outputting in...

CVE-2026-4085 Easy Social Photos Gallery <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrapper_class' Shortcode Attribute

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

PT-2026-34281

Name of the Vulnerable Software and Affected Versions Easy Social Photos Gallery versions prior to 3.1.3 Description Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping of user-supplied attributes. The plugin uses the sanitize text field function...

WordPress plugin Easy Social Photos Gallery 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013640 advisory. In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: fix refcount leak in pcigetdevwrapper As the comment of pcigetdomainbusandslot says, ...

GHSA-FG79-CR9C-7369 OpenMage LTS: Phar Deserialization leads to Remote Code Execution

PHP functions such as getimagesize, fileexists, and isreadable can trigger deserialization when processing phar:// stream wrapper paths. OpenMage LTS uses these functions with potentially controllable file paths during image validation and media handling. An attacker who can upload a malicious ph...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012985)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012985 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the...

PT-2026-33796

Name of the Vulnerable Software and Affected Versions Magento Long Term Support LTS versions prior to 20.17.0 Description PHP functions such as getimagesize, file exists, and is readable can trigger deserialization when processing phar:// stream wrapper paths. The software uses these functions wi...