elFinder: Command injection in resize background color parameter when using ImageMagick CLI

Severity High bg can be injected into shell command construction, leading to possible RCE in affected configurations. Summary elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image...

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: verticadb-operator, rancher-agent, consul-k8s, k8sgpt-operator, aws-node-termination-handler, k8ssandra-client, postgres-operator, zarf, trivy-operator, kubeflow-pipelines, terraform-provider-kubernetes, falcoctl, cluster-api, emissary, vcluster, k8sgpt, cilium-cli,...

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: verticadb-operator, rancher-agent, consul-k8s, k8sgpt-operator, aws-node-termination-handler, k8ssandra-client, postgres-operator, zarf, trivy-operator, kubeflow-pipelines, terraform-provider-kubernetes, falcoctl, cluster-api, emissary, vcluster, k8sgpt, cilium-cli,...

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: kdash, wasmtime, zizmor, sqlx, linkerd-extension-init, uv, wasmcloud, sentry-cli, garage, linkerd-network-validator, atuin, samply, tealdeer, ztunnel-fips, lakekeeper, shadowsocks-rust, xh, py3-xet-core, zellij, komodo, lychee, sccache, linkerd2, linkerd2-cni-plugin,...

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: kdash, wasmtime, zizmor, sqlx, linkerd-extension-init, uv, wasmcloud, sentry-cli, garage, linkerd-network-validator, atuin, samply, tealdeer, ztunnel-fips, lakekeeper, shadowsocks-rust, xh, py3-xet-core, zellij, komodo, lychee, sccache, linkerd2, linkerd2-cni-plugin,...

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: terraform-provider-kubernetes, gpu-operator, dynamic-localpv-provisioner-fips, kubernetes-dashboard-api, zarf, trident-fips, k8ssandra-client-fips, datadog-agent, linkerd2-fips, trivy-operator, k9s, eksctl, eks-distro, cri-tools, cloudnative-pg, k8sgpt-operator,...

[SECURITY] Fedora 43 Update: podman-5.8.2-1.fc43

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

@saltcorn/cli (>=1.0.0 <=1.4.5), @saltcorn/mobile-builder (>=1.0.0 <=1.4.5) potentially affected by CVE-2026-42259 via @saltcorn/server (>=1.0.0-beta.1 <=1.4.5)

@saltcorn/server NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-42259 Source advisory: SNYK:JS-SALTCORNSERVER-16111017...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.4), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.4) potentially affected by CVE-2026-42259 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.4 Source cves: CVE-2026-42259 Source advisory: OSV:GHSA-F3G8-9XV5-77GV...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.4), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.4) potentially affected by CVE-2026-42259 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.4 Source cves: CVE-2026-42259 Source advisory: SNYK:JS-SALTCORNSERVER-16111017...

@saltcorn/cli (>=1.5.0 <=1.5.5-beta.0), @saltcorn/mobile-builder (>=1.5.0 <=1.5.5-beta.0) potentially affected by CVE-2026-41478 via @saltcorn/server (>=1.5.0-beta.0 <=1.5.5)

@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNSERVER-16110989...

@saltcorn/cli (>=1.0.0 <=1.4.5), @saltcorn/mobile-builder (>=1.0.0 <=1.4.5) potentially affected by CVE-2026-41478 via @saltcorn/server (>=1.0.0-beta.1 <=1.4.5)

@saltcorn/server NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNSERVER-16110989...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.4), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.4) potentially affected by CVE-2026-41478 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.4 Source cves: CVE-2026-41478 Source advisory: OSV:GHSA-JP74-MFRX-3QVH...

@saltcorn/cli (>=1.0.0 <=1.4.5), @saltcorn/mobile-builder (>=1.0.0 <=1.4.5) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.0.0-beta.1 <=1.4.5)

@saltcorn/mobile-app NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.4), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.4) potentially affected by CVE-2026-41478 via @saltcorn/mobile-app (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/mobile-app NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.4 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNMOBILEAPP-16110990...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.4), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.4) potentially affected by CVE-2026-41478 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.4 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNSERVER-16110989...

@saltcorn/cli (>=1.5.0 <=1.5.5-beta.0), @saltcorn/mobile-builder (>=1.5.0 <=1.5.5-beta.0) potentially affected by CVE-2026-41478 via @saltcorn/server (>=1.5.0-beta.0 <=1.5.5)

@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-41478 Source advisory: OSV:GHSA-JP74-MFRX-3QVH...

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by unknown CVE via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-3XX2-MQJM-HG9X...

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by unknown CVE via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-47WQ-CJ9Q-WPMP...

@godmode-team/godmode (=1.6.1), @growthub/cli (>=0.3.1 <=0.3.44) +8 more potentially affected by unknown CVE via @paperclipai/server (>=0.2.7 <=2026.416.0-canary.1)

@paperclipai/server NPM version =0.2.7, =0.3.1, =0.1.45, =2026.324.0-canary.0, =0.0.2, =0.2.2, =0.6.5, =0.6.6 - solounicornclub =0.3.1 - stacy-cli =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-VR7G-88FQ-VHQ3...