[SECURITY] Fedora 42 Update: perl-Crypt-URandom-0.55-1.fc42
This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...
[SECURITY] Fedora 43 Update: perl-Crypt-URandom-0.55-1.fc43
This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...
GHSA-VPQ2-C234-7XJ6 @tootallnate/once vulnerable to Incorrect Control Flow Scoping
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
PT-2026-26413
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.22 Description OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution issue in the shell environment fallback mechanism. This occurs because the software trusts the unvalidated SHELL path fr...
GHSA-72HV-8253-57QQ jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
Summary The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. An attacker can cause...
Allocation of Resources Without Limits or Throttling
Overview com.fasterxml.jackson.core:jackson-core provides the core Jackson abstractions and a basic JSON streaming API implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the...
CVE-2024-10938 OVRI Payment 1.7.0 - Malicious .htaccess directive
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...
SUSE CVE-2026-27951
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function Stream_EnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...
PT-2026-22327
The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the execution of certain scripts while allowing execution of known malicious PHP files. If moved outside of the plugin's directory, they may interfere with the proper...
DEBIAN-CVE-2026-27951
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function Stream_EnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...
UBUNTU-CVE-2026-27951
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function Stream_EnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...
CVE-2026-27951 FreeRDP has possible Integer overflow in Stream_EnsureCapacity
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function Stream_EnsureCapacity can create an endless blocking loop. This may affect all client and server implementations using FreeRDP. For practical exploitation this will only work on 32bit systems whe...
PT-2026-22085
Name of the Vulnerable Software and Affected Versions Drupal Anti-Spam by CleanTalk versions prior to 9.7.0 Description The software contains a flaw related to improper handling of user-supplied data during web page creation, which could allow for Cross-Site Scripting (XSS) attacks. The issue exist...
PT-2026-22022
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.23.0 Description The Stream_EnsureCapacity function in FreeRDP versions prior to 3.23.0 can create an endless blocking loop. This issue may affect all client and server implementations using FreeRDP. Exploitation is...
CVE-2026-23113 io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop. Currently this is checked before running the pending work. Normally this is quite fine, as work items either end up blocking which will create a new worker for other items, or...
3D Printer Surveillance
New York is contemplating a bill that adds surveillance to 3D printers: New York's 2026-2027 executive budget bill S.9005 / A.10005 includes language that should alarm every maker, educator, and small manufacturer in the state. Buried in Part C is a provision requiring all 3D printers sold or...
CVE-2026-20673
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages" may not apply to all mail previews...
UBUNTU-CVE-2025-69873
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp constructor without...
CVE-2025-57711
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...