541 matches found
CVE-2026-41167 Jellystat has SQL Injection that leads to Remote Code Execution
Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via POST /api/getUserDetai...
CVE-2026-41167
Jellystat prior to 1.1.10 exposes SQL injection via POST /api/getUserDetails and POST /api/getLibrary, where unsanitized request-body fields are interpolated into raw SQL. This allows an authenticated user to read any table (including app_config) and, due to node-postgres simple query usage, enab...
GRC-demo-poc-oscal
GRC-OSCAL — continuous compliance, demonstrated A working pro...
SUSE: Security Advisory (SUSE-SU-2026:20976-1)
The remote host is missing an update for the...
SUSE-SU-2026:20976-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...
SUSE-SU-2026:20949-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: scorecard, trivy-operator, skaffold, docker-compose, kubescape, kaniko, conftest, docker-cli-buildx, trivy, osv-scanner, guac, buildah, zot...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: scorecard, trivy-operator, skaffold, docker-compose, kubescape, kaniko, conftest, docker-cli-buildx, trivy, osv-scanner, guac, buildah, zot...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: scorecard, trivy-operator, skaffold, docker-compose, kubescape, kaniko, conftest, docker-cli-buildx, trivy, osv-scanner, guac, buildah, zot...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: scorecard, trivy-operator, skaffold, docker-compose, kubescape, kaniko, conftest, docker-cli-buildx, trivy, osv-scanner, guac, buildah, zot...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: docker-compose-fips, cloudbeat-fips, buildah-fips, docker-cli-buildx, scorecard, cloudbeat, trivy-operator, kubescape, kubescape-server-fips, kubescape-server, kaniko, docker-fips, kaniko-fips, guac, docker-cli-buildx-fips, conftest, trivy-fips, trivy,...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: docker-compose-fips, cloudbeat-fips, buildah-fips, docker-cli-buildx, scorecard, cloudbeat, trivy-operator, kubescape, kubescape-server-fips, kubescape-server, kaniko, docker-fips, kaniko-fips, guac, docker-cli-buildx-fips, conftest, trivy-fips, trivy,...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: docker-compose-fips, cloudbeat-fips, buildah-fips, docker-cli-buildx, scorecard, cloudbeat, trivy-operator, kubescape, kubescape-server-fips, kubescape-server, kaniko, docker-fips, kaniko-fips, guac, docker-cli-buildx-fips, conftest, trivy-fips, trivy,...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: docker-compose-fips, cloudbeat-fips, buildah-fips, docker-cli-buildx, scorecard, cloudbeat, trivy-operator, kubescape, kubescape-server-fips, kubescape-server, kaniko, docker-fips, kaniko-fips, guac, docker-cli-buildx-fips, conftest, trivy-fips, trivy,...
SUSE-SU-2026:20871-1 Security update for docker-compose
This update for docker-compose fixes the following issue: - CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files bsc1252752...
Heimdall: Path received via Envoy gRPC corrupted when containing query string
Summary When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. The HTTP based decision API is NOT affected, and proxy mode is NOT affected either. Note: The issue can only lead to unintended acces...
CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8
CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...
CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8
CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...
CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8
CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...
SUSE-SU-2026:20656-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...