EUVD-2026-12564
Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...
[SECURITY] Fedora 42 Update: rust-cargo-deny-0.18.9-4.fc42
Cargo plugin to help you manage large dependency graphs...
[SECURITY] Fedora 43 Update: rust-cargo-deny-0.18.9-4.fc43
Cargo plugin to help you manage large dependency graphs...
Version-Level Third-Party Library Detection in Android Applications Via Class Structural Similarity
Android applications (apps) integrate reusable and well-tested third-party libraries (TPLs) to enhance functionality and shorten development cycles. However, recent research reveals that TPLs have become the largest attack surface for Android apps, where the use of insecure TPLs can compromise both...
[SECURITY] Fedora 39 Update: rust-cargo-deny-0.14.21-2.fc39
Cargo plugin to help you manage large dependency graphs...
Fedora: Security Advisory for rust-cargo-deny (FEDORA-2024-ce2936b568)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
SUSE CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML...
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML...
Fedora 23 : bugzilla (2016-6cdcddef2c)
The Bugzilla devs discovered that a specially crafted bug summary could trigger XSS in dependency graphs (CVE-2016-2803). This release fixes the issue. ---- A bug in Bugzilla caused it to send improperly formatted email addresses. This update contains the fix to this problem. Note that Tenable...
Updated bugzilla packages fix CVE-2016-2803
Updated bugzilla packages fix security vulnerability: In Bugzilla before 4.4.12, due to incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs (CVE-2016-2803)...
Bugzilla security issues
Bugzilla Security Advisory. A specially crafted bug summary could trigger XSS in dependency graphs. Due to incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs...