2112 matches found
CLSA-2026-1771112524 Update of alt-php
Update ca-certificates database to 20260129: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...
CLSA-2026-1771005847 Update of alt-php
Update ca-certificates database to 20260129: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...
agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-25592 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)
semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-25592 Source advisory: OSV:GHSA-2WW3-72RP-WPP4...
GHSA-38R7-794H-5758 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
Summary: When experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to...
GCVE-1-2026-0010
creationtimestamp | type | source
---|---|---
2026-01-29 14:42:24+00:00 | seen | https://vulnerability.circl.lu/bundle/822f8677-7cc7-44e9-8414-329e2be8aaf1...
GCVE-1-2026-0011
creationtimestamp | type | source
---|---|---
2026-01-29 14:42:24+00:00 | seen | https://vulnerability.circl.lu/bundle/822f8677-7cc7-44e9-8414-329e2be8aaf1...
AZL-75911 CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12_item_decrypt_d2i_ex...
fence-agents security update
4.10.0-98.4
- bundled urllib3: fix CVE-2025-66471
- bundled urllib3: fix CVE-2026-21441
  Resolves: RHEL-139793, RHEL-140795

4.10.0-98.1
- bundled urllib3: fix CVE-2025-66418
  Resolves: RHEL-136061...
Fedora 43 : qownnotes (2026-00a6b7589c)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-00a6b7589c advisory. See commit history ---- Automatic update for qownnotes-26.1.7-2.fc43. Changelog for qownnotes Fri Jan 16 2026 Artem Polishchuk - 26.1.7-2 - Mask BR:...
CVE-2025-69317
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS. This issue affects CarSpot: from n/a through 2.4.6...
Azure Linux 3.0 Security Update: gnutls (CVE-2024-28835)
The version of gnutls installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28835 advisory. - A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a...
PT-2026-4030
Name of the Vulnerable Software and Affected Versions: AdForest Elementor versions through 3.0.11. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, potentially leading to Reflected Cross-site Scripting (XSS). This means that malicious co...
CVE-2018-1000632
creationtimestamp | type | source
---|---|---
2026-01-21 21:18:16+00:00 | seen | https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...
CVE-2021-43113
creationtimestamp | type | source
---|---|---
2026-01-21 21:18:16+00:00 | seen | https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...
CVE-2025-32989
creationtimestamp | type | source
---|---|---
2026-01-21 21:18:16+00:00 | seen | https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875
2026-03-10 17:00:08+00:00 | seen | https://t.me/truesecator/7979...
Insufficient Granularity of Access Control
Overview: Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the properties API endpoint. An attacker can access and retrieve the complete list of configurable metadata definitions by sending requests as an authenticated backend user without explicit...
Insufficient Granularity of Access Control
Overview: Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the favorite-output-definitions-table-proxy API endpoint. An attacker can access or modify configurations without proper authorization by sending requests as an authenticated backend user w...
CVE-2026-23495
CVE-2026-23495 affects Pimcore’s Admin Classic Bundle. The API endpoint that lists Predefined Properties (metadata definitions used across documents, assets, and objects) lacked proper server-side authorization prior to Pimcore versions 2.2.3 and 1.7.16. An authenticated backend user without ...
CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...