7974 matches found
[SECURITY] Fedora 42 Update: rust-dua-cli-2.32.2-3.fc42
A tool to conveniently learn about the disk usage of directories, fast!...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005349)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005349 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database...
[SECURITY] Fedora 43 Update: rust-tealdeer-1.7.2-4.fc43
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...
[SECURITY] Fedora 43 Update: rust-ybaas-0.0.19-6.fc43
Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Don't want the complexity of installing and using the yubibomb...
[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-10.fc43
Command-line frontends for Sequoia...
[SECURITY] Fedora 43 Update: rust-rbw-1.13.2-5.fc43
Unofficial Bitwarden CLI...
[SECURITY] Fedora 43 Update: rust-onefetch-2.26.1-7.fc43
Command-line Git information tool...
[SECURITY] Fedora 43 Update: asciinema-3.0.0-5.fc43
asciinema aka asciinema CLI or asciinema recorder is a command-line tool for recording and live streaming terminal sessions...
Insertion of Sensitive Information into Log File
Overview: @rage-against-the-pixel/unity-cli is a command line utility for the Unity Game Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the sign-package command when the --verbose flag is enabled. An attacker can obtain sensitive...
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.13.0 release.
Red Hat Web Terminal Operator 1.13.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
PT-2026-7170
Name of the Vulnerable Software and Affected Versions: unity-cli versions prior to 1.8.2. Description: The sign-package command in unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments, including --email and --password, are output via JSON.stringif...
CVE-2026-25731 Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...
CVE-2026-25731
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...
CVE-2025-11730
A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions from V5.35 through V5.41, USG FLEX 50W series firmware versions from V5.35 through V5.41, and...
React Native Community CLI Server API Node.js Package 4.8.0 < 20.0.0 Remote Code Execution (CVE-2025-11953)
The version of the React Native Community CLI Server API Node.js Package installed on the remote host is 4.8.0 prior to 20.0.0. It is, therefore, affected by a remote code execution vulnerability: - The Metro Development Server, which is opened by the React Native Community CLI, binds to external...
CVE-2026-25541 vulnerabilities
Vulnerabilities for packages: atuin, linkerd2-cni-plugin, berg, zellij, wash, guestproxyagent, valkey-ldap, efs-utils, buck2, mountpoint-s3, cargo-c, geckodriver, wasmtime, sccache, samply, linkerd2-proxy, nushell, watchexec, qdrant, kdash, zed, parseable, fnm, pixi, topgrade, jujutsu, pgcat,...
[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-9.fc43
Command-line frontends for Sequoia...
[SECURITY] Fedora 42 Update: rust-sequoia-sq-1.3.1-9.fc42
Command-line frontends for Sequoia...
openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code executi...