31 matches found
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust: cargo-1.95.0-5.hum1 aarch64, x8664 clippy-1.95.0-5.hum1 aarch64, x8664 rust-1.95.0-5.hum1 aarch64, x8664 rust-analyzer-1.95.0-5.hum1 aarch64, x8664 rust-debugger-common-1.95.0-5.hum1 noarch...
CVE-2026-5505
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2026-27195
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-5505
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-5505
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-5505
CVE-2026-5505 affects the WordPress plugin WP-Clippy (versions up to and including 1.0.0). The vulnerability is a Stored Cross‑Site Scripting via the plugin’s clippy shortcode attributes, caused by insufficient input sanitization and output escaping. Exploitation requires at least contributor‑lev...
CVE-2026-5505 WP-Clippy <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-5505 WP-Clippy <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2026-36955
Name of the Vulnerable Software and Affected Versions WP-Clippy versions prior to 1.0.1 Description The WP-Clippy plugin for WordPress contains a stored cross-site scripting issue. This occurs because of insufficient input sanitization and output escaping on user-supplied attributes within the...
WordPress WP-Clippy plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP-Clippy versions = 1.0.0...
Security update for cargo-auditable
This update for cargo-auditable fixes the following issues: Update to version 0.7.20. Security issues fixed: CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257906. Other updates and bugfixes: Update to version 0.7.20: mention cargo-dist...
Recommended update of flake-pilot (moderate)
openSUSE security update: recommended update of flake-pilot ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20000-1 Rating: moderate References: bsc1248004 Cross-References: CVE-2025-55159 CVSS scores: CVE-2025-55159 SUSE : 5.8...
Recommended update of flake-pilot
This update for flake-pilot fixes the following issues: Update version to 3.1.22. Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for th...
OPENSUSE-SU-2025:20013-1 Recommended update of flake-pilot
This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for...
Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...
SUSE-SU-2025:20429-1 Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...
RUSTSEC-2024-0365 Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...
GHSA-XMRP-424F-VFPX SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...