
88 matches found

OSV
added 2026/06/11 12:5 p.m. | 11 views

RLSA-2026:24331 Important: cockpit-image-builder security update

The image-builder-frontend generates custom images suitable for deploying systems or uploading to the cloud. It integrates into Cockpit as a frontend for osbuild. Security Fixes: lodash: prototype pollution in .unset and .omit functions CVE-2025-13465 lodash: lodash: Arbitrary code execution via...

CVSS 8.2 | AI score 6.9 | EPSS 0.01026
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/11 12:0 a.m. | 7 views

PT-2026-48680

Summary: The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00084
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/05 7:51 p.m. | 7 views

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVSS 6.5 | AI score 5.6 | EPSS 0.00248
Exploits: 0 | References: 1

NVD
added 2026/05/22 4:16 p.m. | 8 views

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVSS 6.5 | EPSS 0.00248
Exploits: 0 | References: 4

CVE
added 2026/05/04 6:27 p.m. | 22 views

CVE-2026-42228

n8n (open source workflow automation) has a vulnerability in the /chat WebSocket endpoint used by the Chat Trigger node’s Hosted Chat feature. The issue: an unauthenticated attacker could attach to a workflow execution in a waiting state without verifying authorization, receive the pending prompt...

CVSS 6.5 | AI score 6 | EPSS 0.00383
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2026/04/11 5:35 a.m. | 6 views

Eval Injection

Agno is vulnerable to Eval Injection. The vulnerability is due to unsafe use of eval on the fieldtype parameter without proper validation, which allows an attacker to execute arbitrary Python code by manipulating input...

CVSS 9.8 | AI score 5.8 | EPSS 0.00852
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/04/02 8:16 p.m. | 1 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

CVSS 9.8 | EPSS 0.00546
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-20477

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.02346
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-9442

Malware in sbrugna...

CVSS 7.8 | AI score 6.5 | EPSS 0.01486
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-17180

Malware in sbrugna...

CVSS 7.8 | AI score 7.5 | EPSS 0.01594
Exploits: 5 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-6626

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.0078
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 22 views

EUVD-2022-6077

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.01327
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-6096

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01027
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-38612

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00726
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-7229

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00816
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-6038

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.006
Exploits: 1 | References: 5

RedhatCVE
added 2025/09/30 10:46 p.m. | 10 views

CVE-2025-59937

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

CVSS 8.2 | AI score 7 | EPSS 0.00494
Exploits: 1 | References: 1

NVD
added 2025/09/06 6:15 p.m. | 2 views

CVE-2024-36346

Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...

CVSS 6 | EPSS 0.00125
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/05 12:0 a.m. | 2 views

PT-2025-36327

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak where the account console and other pages accept arbitrary text in the error description query parameter. This text is directly rendered in error pages without...

CVSS 4.3 | AI score 3.8 | EPSS 0.00291
Exploits: 0 | References: 26

Github Security Blog
added 2025/08/14 12:6 a.m. | 8 views

Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

CVSS 9.2 | AI score 7.4 | EPSS 0.02078
Exploits: 0 | References: 7 | Affected Software: 1