CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

GHSA-RM2Q-F7JV-3CFP Indico discloses local files resulting in Remote Code Execution through LaTeX injection

!NOTE If server-side LaTeX rendering is not in use ie XELATEXPATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

Indico discloses local files resulting in Remote Code Execution through LaTeX injection

!NOTE If server-side LaTeX rendering is not in use ie XELATEXPATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

PT-2026-27251

!NOTE If server-side LaTeX rendering is not in use ie XELATEX PATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

CVE-2026-33150

CVE-2026-33150 affects libfuse: the io_uring subsystem vulnerability exists from 3.18.0 up to just before 3.18.2. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool but stores a dangling pointer in the session state, caus...

CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the iouring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When iouring thread creati...

Wazuh 4.14.4

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.62.0-2

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.62.0-2. A patched version of the package is available...

CVE-2025-58190 affecting package containerized-data-importer for versions less than 1.62.0-2

CVE-2025-58190 affecting package containerized-data-importer for versions less than 1.62.0-2. A patched version of the package is available...

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28. A patched version of the package is available...

openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...

devops-security-pipeline-poc

DevOps Security Pipeline POC A security-integrated CI/CD pipe...

Security update for containerized-data-importer (important)

openSUSE security update: security update for containerized-data-importer ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20279-1 Rating: important References: bsc1235204 bsc1235365 bsc1239205 Cross-References: CVE-2024-28180 CVE-2024-45338...

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

SUSE-SU-2026:20550-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

SUSE SLES15 Security Update : cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (SUSE-SU-2026:0571-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0571-1 advisory. Update to version 1.64.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.64.0 Also cdi was rebuilt...

SUSE-SU-2026:0571-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 - Release notes...

Wazuh 4.14.3

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

AZL-76913 CVE-2025-58190 affecting package containerized-data-importer 1.62.0-1

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-76910 CVE-2025-47911 affecting package containerized-data-importer 1.62.0-1

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...