org.apache.dolphinscheduler:dolphinscheduler-dist (>=3.3.2 <=3.4.0), org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2026-23902 via org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0-alpha <=3.4.0)

org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =3.0.0-alpha, =3.3.2, =3.0.0, =3.0.6 Source cves: CVE-2026-23902 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-16431736...

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.11.13), org.open-metadata:openmetadata-mcp (>=1.10.0 <=1.11.13) potentially affected by unknown CVE via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.11.3)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.10.0, =1.11.13 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGOPENMETADATA-14912636...

EUVD-2024-54906

Malicious code in bioql PyPI...

Malicious code in @espace-client-axafr/savings-distribution (npm)

The package communicates with a domain associated with malicious activity...

CVE-2024-48988

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package SpringBoot platform and does not involve Maven...

CVE-2024-48988

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package SpringBoot platform and does not involve Maven...

CVE-2024-48988 Apache StreamPark: SQL injection vulnerability

SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package SpringBoot platform and does not involve Maven...

CVE-2025-2937

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature...

CVE-2025-2938

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...

SUSE: Security Advisory (SUSE-SU-2025:02066-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2025:02066-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-6685

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members...

CVE-2024-0231

A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...

org.apache.iotdb:iotdb-distribution (=0.13.0) potentially affected by CVE-2022-38370 via org.apache.iotdb:iotdb-grafana-connector (=0.13.0)

org.apache.iotdb:iotdb-grafana-connector MAVEN version =0.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.iotdb:iotdb-grafana-connector and may be impacted: - org.apache.iotdb:iotdb-distribution =0.13.0 Source cves: CVE-2022-38370 Sourc...

[SECURITY] [DSA 4867-1] grub2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4867-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2021 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4690-1] dovecot security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4690-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2020 https://www.debian.org/security/faq -...