
45 matches found

Vulnrichment
added 2026/06/02 1:41 p.m., 7 views

CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CVSS 4.6 · AI score 5.9 · EPSS 0.00152
Exploits: 0 · References: 5
NVD
added 2026/05/09 8:16 p.m., 13 views

CVE-2026-42574

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...

CVSS 7.5 · EPSS 0.00352
Exploits: 0 · References: 4
Snyk
added 2026/05/06 5:34 p.m., 7 views

Prototype Pollution

Overview: next-intl is an internationalization (i18n) package for Next.js. Affected versions of this package are vulnerable to Prototype Pollution in the setNestedProperty function when processing translation catalog keys containing reserved properties such as __proto__, constructor, or prototype. An attacker ca...

CVSS 6.6 · AI score 6.3
Exploits: 0 · References: 2
CNNVD
added 2026/04/28 12:00 a.m., 7 views

Red Hat OpenShift Container Platform Code Issue Vulnerability

Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc., which helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is a code vulnerability in Red Hat OpenShift Container Platform...

CVSS 4.3 · AI score 6 · EPSS 0.00179
Exploits: 0 · References: 1
CVE
added 2026/04/09 7:05 p.m., 13 views

CVE-2026-39977

The CVE concerns flatpak-builder (versions 1.4.5–1.4.7) where the license-files manifest key accepts an array of paths relative to the module source. Paths are validated using two checks, but the final path component and symlink handling can allow path traversal. The copy operation runs on the ho...

CVSS 7.1 · AI score 6 · EPSS 0.00288
Exploits: 1 · References: 1 · Affected software: 1
ATTACKERKB
added 2026/04/09 7:05 p.m., 3 views

CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user-defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path and...

CVSS 7.1 · AI score 6 · EPSS 0.00288
Exploits: 1 · References: 2 · Affected software: 1
CNNVD
added 2026/04/08 12:00 a.m., 6 views

Red Hat Web Terminal Security Vulnerability

Red Hat Web Terminal is a browser-based terminal tool developed by the American company Red Hat. There is a security vulnerability in Red Hat Web Terminal, which stems from the fact that the /etc/passwd file was set with group-writable permissions during the build process. This vulnerability cou...

CVSS 6.4 · AI score 5.8 · EPSS 0.00158
Exploits: 0 · References: 2
CNNVD
added 2026/04/08 12:00 a.m., 6 views

Google Go Security Vulnerability

Google Go is a statically and strongly typed, compiled, concurrent programming language with garbage collection from the American company Google. There is a security vulnerability in Google Go, which stems from SWIG filenames marked with the "go" label and containing carefully crafted malicious...

CVSS 8.8 · AI score 6.3 · EPSS 0.00532
Exploits: 0 · References: 4
Positive Technologies
added 2026/03/26 12:00 a.m., 2 views

PT-2026-28523

Name of the Vulnerable Software and Affected Versions: BentoML versions prior to 1.4.37. Description: BentoML is a Python library used for building online serving systems for AI applications and model inference. A flaw exists where the docker.system_packages field within the bentofile.yaml file does...

CVSS 7.8 · AI score 6.2 · EPSS 0.00257
Exploits: 1 · References: 13
Positive Technologies
added 2026/02/05 12:00 a.m., 1 view

PT-2026-6640

Name of the Vulnerable Software and Affected Versions: Webpack versions 5.49.0 through 5.103.9. Description: Webpack's HTTPS resolver HttpUriPlugin does not re-validate allowed URLs after following HTTP 30x redirects when the experiments.buildHttp feature is enabled. This allows an import that appea...

CVSS 3.7 · AI score 5.5 · EPSS 0.002
Exploits: 1 · References: 9
NVD
added 2026/02/04 8:16 p.m., 5 views

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 · EPSS 0.00175
Exploits: 0 · References: 2
Tenable Nessus
added 2026/01/20 12:00 a.m., 6 views

MiracleLinux 7 : buildah-1.11.6-11.el7 (AXSA:2020-066:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-066:02 advisory: buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696); containers/image: Container images read...

CVSS 9.3 · AI score 7.9 · EPSS 0.02582
Exploits: 1 · References: 3
EUVD
added 2025/12/18 6:49 p.m., 3 views

EUVD-2025-204013

Storybook manager bundle may expose environment variables during build...

CVSS 7.3 · AI score 6.4 · EPSS 0.00235
Exploits: 0 · References: 3
Snyk
added 2025/12/17 10:47 p.m., 3 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview: @storybook/core-common is a Storybook framework-agnostic API. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive environment variables by...

CVSS 7.5 · AI score 6.9 · EPSS 0.00235
Exploits: 0 · References: 2
Snyk
added 2025/12/17 10:47 p.m., 4 views

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview: storybook is a frontend workshop for building UI components and pages in isolation. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive...

CVSS 7.5 · AI score 6.9 · EPSS 0.00235
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-18459

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.5 · EPSS 0.01265
Exploits: 1 · References: 4
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-18460

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00689
Exploits: 1 · References: 3
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2021-28187

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8.1 · EPSS 0.0039
Exploits: 0 · References: 1
Snyk
added 2025/08/26 5:20 p.m., 5 views

Use of Externally-Controlled Format String

Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package...

CVSS 8.8 · AI score 7.7 · EPSS 0.04098
Exploits: 1 · References: 2
RedhatCVE
added 2025/06/16 10:23 p.m., 5 views

CVE-2025-32798

conda-build contains commands and tools to build conda packages. The conda-build recipe processing logic was found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yam...

CVSS 9.8 · AI score 7.3 · EPSS 0.00689
Exploits: 1 · References: 2