[SECURITY] Fedora 44 Update: postgresql16-anonymizer-3.0.5-2.fc44

PostgreSQL Anonymizer is an extension to mask or replace personally identifiable information PII or commercially sensitive data from a PostgreSQL database. The project has a declarative approach of anonymization. This means you can declare the masking rules using the PostgreSQL Data Definition...

CVE-2026-29049

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...

[SECURITY] Fedora 43 Update: opentofu-1.11.5-1.fc43

OpenTofu lets you declaratively manage your cloud infrastructure...

CVE-2026-24843

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...

CVE-2026-24844

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

How Manifest v3 forced us to rethink Browser Guard, and why that’s a good thing

As a Browser Guard user, you might not have noticed much difference lately. Browser Guard still blocks scams and phishing attempts just like always, and, in many cases, even better. But behind the scenes, almost everything changed. The rules that govern how browser extensions work went through a...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...

GHSA-H5CW-625J-3RXH React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the navigation redirect process for loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the navigation redirect process for loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...

GHSA-2W69-QVJG-HVJX React Router vulnerable to XSS via Open Redirects

React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if developers are creating redirect paths...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the...

Amazon Linux 2 : qt5-qtdeclarative, --advisory ALAS2-2025-3101 (ALAS-2025-3101)

The version of qt5-qtdeclarative installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3101 advisory. Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability i...

This Year in Spring – December 30th, 2025

Hi, Spring fans! Can you believe it? It's already the 30th of December! I celebrated Christmas with my family in Los Angeles, then we jumped on a flight headed for Southeast Asia to ring in the New Year with more friends and family. I'm sitting at a café in the sweltering city of Kuala Lumpur,...

Fedora: Security Advisory (FEDORA-2025-62d125612b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: qt6-qtdeclarative-6.9.3-2.fc42

Qt6 - QtDeclarative component...

A Bootiful Podcast: The legendary Rossen Stoyanchev on API versioning, declarative interface clients, RestTestClients, and more

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment I talk to the legendary Rossen Stoyanchev on API versioning, declarative interface clients, RestTestClients, and more!...

AZL-71647 CVE-2025-12385 affecting package qt5-qtdeclarative 5.12.5-5

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...

Security advisory: Improper validation of tag size in Text component parser in Qt declarative module impacts Qt

Improper Validation of Specified Quantity in Input vulnerability in Text component parser of the Qt declarative module has been discovered and has been assigned the CVE id CVE-2025-12385 Affected versions: From Qt 5.0.0 to 6.5.10 and from 6.6.0 to 6.8.5 and from 6.9.0 to 6.10.0 Impact: Allocation...