Critical: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.23 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7032: RHODF 4.18.23 release NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945...

CVE-2026-7684

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be...

PT-2026-36674

Name of the Vulnerable Software and Affected Versions Edimax BR-6428nC versions prior to 1.17 Description A buffer overflow can be triggered remotely via an unknown function within the '/goform/setWAN' endpoint. This occurs through the manipulation of the pptpDfGateway argument. Recommendations A...

Malicious code in df-sandbox-test (npm)

Multiple evidences indicate malicious behaviors: data exfiltration, sensitive file access, obfuscated code, and suspicious network connections. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97761ee82976dcee2c3d8438258e8ace733bec2d2c7e1020035e9e390f9fa02f The...

CVE-2026-4500 bagofwords1 bagofwords code_execution.py generate_df injection

A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/codeexecution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...

CVE-2026-4500

Summary: CVE-2026-4500 affects bagofwords1 bagofwords (up to 0.0.297). The vulnerability targets the function generate_df in backend/app/ai/code_execution/code_execution.py, enabling injection via manipulation of inputs. The attack could be launched remotely and an exploit is publicly available. ...

CVE-2025-23708

Cross-Site Request Forgery CSRF vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS.This issue affects DF Draggable: from n/a through = 1.13.2...

CVE-1999-0025

root privileges via buffer overflow in df command on SGI IRIX systems...

EUVD-2020-0319

Malware in sbrugna...

EUVD-2005-2084

Malware in sbrugna...

EUVD-1999-0025

Malware in sbrugna...

EUVD-2006-2498

Malware in sbrugna...

EUVD-2025-3361

Malicious code in bioql PyPI...

MAL-2025-9925 Malicious code in @zalastax/nolb-_df (npm)

The package @zalastax/nolb-df was found to contain malicious code...

kernel: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber Check the fbchannelnumber range to avoid the array out-of-bounds read error...

The vulnerability of the sqlo_df component in the virtuoso-opensource web application development platform allows a attacker to trigger a service failure.

The vulnerability of the sqlodf component in the virtuoso-opensource web application development platform is related to the improper disabling or release of resources. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted SQL queries...

Malicious code in @dealfront/df-dictionaries (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 005f6dc68da6691a10ef5aad4e7b77f4e8cdcbbe7aa892786754c834aba4f46a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-23708

Cross-Site Request Forgery CSRF vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS.This issue affects DF Draggable: from n/a through = 1.13.2...

CVE-2025-23708

Cross-Site Request Forgery CSRF vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS.This issue affects DF Draggable: from n/a through = 1.13.2...

CVE-2025-23708 WordPress DF Draggable plugin <= 1.13.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS.This issue affects DF Draggable: from n/a through = 1.13.2...