[SECURITY] Fedora 42 Update: rrdtool-1.9.0-8.fc42

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

CVE-2025-32751

Dell PowerFlex Manager, versions =4.6.2, contains an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information...

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the insecure storage of sensitive...

CVE-2025-62309 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields.

HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions...

MAL-2026-3672 Malicious code in 1mi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a68ec5fa97918431510ba9ef57d3d601738891094478b5ebf996a3eafa0cb960 This package masquerades as a Cloudflare Worker Telegraf middleware README: 'cfworker-middware-telegraf' but its main module unconditionally forwards...

PT-2026-36573

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

JLSEC-2026-295

HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HGread, resulting in denial of service or potential code execution...

CVE-2026-40556

Removed by vendor...

EUVD-2026-26053

GNU nano creates the user’s /.local directory with overly permissive permissions when the directory does not exist yet. On first use of features requiring Cross-Desktop Group XDG data storage, nano explicitly requests directory mode 0777, making the directory world‑writable in environments where...

CVE-2026-40556

In the connected Debian/CVE entry, GNU nano is affected by a local permission issue: when the user’s ~/.local directory does not exist, nano creates it with mode 0777, making it world‑writable in environments where the umask is lax. This creates a race window where an attacker could leverage the ...

CVE-2026-40556

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

[SECURITY] Fedora 44 Update: tcpflow-1.6.2-0.1.8d47b53.fc44

tcpflow is a program that captures data transmitted as part of TCP connections flows, and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being...

CVE-2026-31562

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipidsihostregister The call to mipidsihostregister triggers a callback to mtkdsibind, which uses devgetdrvdata to retrieve the mtkdsi struct, so this structure needs to be...

PT-2026-34914

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi dsi host register The call to mipi dsi host register triggers a callback to mtk dsi bind, which uses dev get drvdata to retrieve the mtk dsi struct, so this structure need...

GNU Privacy Guard 2.5.19

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

CVE-2026-5650

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

EUVD-2026-19364

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be perform...

CVE-2026-5666 code-projects Online FIR System SQL Database Backup File complaints.sql sensitive information

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be perform...

EUVD-2026-19233

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...

CVE-2026-5650

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...