GHSA-8JVR-VH7G-F8GX vulnerabilities

Vulnerabilities for packages: nats-server, apache-beam-java-sdk, tetragon, gitlab-kas-fips, kubernetes-csi-external-resizer, jaeger-operator, pgwatch, amazon-ecs-agent, grype-fips, stakater-reloader, nsc-fips, vitess, azcopy-fips, kubernetes-ingress-defaultbackend-fips, cert-manager-cmctl,...

[SECURITY] Fedora 43 Update: rust-oo7-cli-0.4.3-4.fc43

System keyring access from the terminal...

[SECURITY] Fedora 43 Update: rust-dua-cli-2.32.2-3.fc43

A tool to conveniently learn about the disk usage of directories, fast!...

GHSA-4255-C27H-62M5 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...

Linux Distros Unpatched Vulnerability : CVE-2026-25918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive...

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVE-2026-25918

The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

unity-cli 日志信息泄露漏洞

unity-cli is a command-line utility for the Unity game engine, open-sourced by RageAgainstThePixel. Versions of unity-cli prior to 1.8.2 had a vulnerability related to log information leakage. This vulnerability stemmed from the sign-package command, which recorded sensitive credentials in plain...

[SECURITY] Fedora 43 Update: k9s-0.50.18-1.fc43

Kubernetes CLI To Manage Your Clusters In Style!...

EUVD-2026-5577

OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command injection as the gateway user. This vulnerabilit...

Ubuntu: Security Advisory (USN-8012-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2026-6869

Summary A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...

AZL-76880 CVE-2025-58190 affecting package cf-cli 8.7.11-4

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-76830 CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-76883 CVE-2025-47911 affecting package cf-cli 8.7.11-4

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...