1067 matches found
WordPress plugin WP Docs security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: kots, zarf, helm-mapkubeapis, kubescape, consul-k8s, kuma, helm-push, k8ssandra-client, pluto, teleport, chart-testing, helm-set-status, trivy-operator, istio, linkerd2, cert-manager-cmctl, cluster-api-helm-controller, trivy, rancher-fleet, kube-arangodb,...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: kots, zarf, helm-mapkubeapis, kubescape, consul-k8s, kuma, helm-push, k8ssandra-client, pluto, teleport, chart-testing, helm-set-status, trivy-operator, istio, linkerd2, cert-manager-cmctl, cluster-api-helm-controller, trivy, rancher-fleet, kube-arangodb,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: helm-operator-fips, kuma, nova-fips, cert-manager-cmctl-fips, pluto-fips, tigera-operator, cerbos, chart-testing-fips, cloudbeat-fips, eksctl, zarf-fips, cert-manager-cmctl, envoy-gateway, consul-k8s-fips, trivy-fips, tigera-operator-fips, headlamp,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: vendir, nri-mssql, jsonnet-bundler, pluto-fips, dkron, nri-cassandra-fips, trivy-fips, actions-runner-controller, azure-ipam, knative-eventing-fips, mongo-tools-fips, kube-logging-operator-custom-runner-fips, mailpit-fips, dex-fips, longhorn-cli, kots, kbld-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: vendir, pvc-autoresizer-fips, nri-mssql, nodetaint, vault-k8s-fips, descheduler, git-sync-fips, s5cmd, spicedb-operator, grafana-mimir, jsonnet-bundler, knative-net-istio-fips, kubernetes-secret-generator, pluto-fips, spire-controller-manager, dkron, cadvisor, wal-g,...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs20: nodejs20-20.20.0-7.1.hum1 aarch64, x86_64 nodejs20-bin-20.20.0-7.1.hum1 noarch nodejs20-devel-20.20.0-7.1.hum1 aarch64, x86_64 nodejs20-docs-20.20.0-7.1.hum1 noarch...
@saasmakers/ui (>=0.1.88 <=0.1.117), @styleframe/app (>=0.0.1 <=0.1.1) +13 more potentially affected by CVE-2026-39315 via unhead (>=2.0.0-alpha.0 <=2.1.12)
unhead NPM version =2.0.0-alpha.0, =0.1.88, =0.0.1, =1.1.0, =2.0.0, =2.0.0, =2.0.0-alpha.0, =2.0.0, =2.0.0, =2.0.0, =1.2.0, =0.0.2, =0.17.0, =2.0.0-alpha.8, =0.1.0-beta.10, =0.1.0-beta.14 Source cves: CVE-2026-39315 Source advisory: SNYK:JS-UNHEAD-15965923...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.3 release.
Red Hat Developer Hub 1.9.3 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
fabricauthenticator (>=0.0.2.5 <=1.3.4rc0), jupyterhub-ltiauthenticator (=1.3.0) +11 more potentially affected by CVE-2026-33175 via oauthenticator (>=0.13.0 <=16.3.1)
oauthenticator PYPI version =0.13.0, =0.0.2.5, =0.11.0, =0.9.1, =3.0.0, =1.0.2, =0.1.0, =1.1.9, =0.5.0, =0.30.1, =0.2.25, =0.0.2, =0.4.2 Source cves: CVE-2026-33175 Source advisory: OSV:GHSA-RRVG-CXH4-QHRV...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs24: nodejs24-24.14.1-4.hum1 aarch64, x86_64 nodejs24-bin-24.14.1-4.hum1 noarch nodejs24-devel-24.14.1-4.hum1 aarch64, x86_64 nodejs24-docs-24.14.1-4.hum1 noarch...
[SECURITY] Fedora 44 Update: python3.12-3.12.13-2.fc44
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
au.csiro.pathling:encoders (>=8.0.0 <=9.5.0), au.csiro.pathling:fhirpath (>=8.0.0 <=9.5.0) +166 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.4.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.4.1, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855257...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.5 release.
Red Hat Developer Hub 1.8.5 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
CVE-2026-5007
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...
[SECURITY] Fedora 43 Update: python3.11-3.11.15-2.fc43
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
[SECURITY] Fedora 44 Update: python3.11-3.11.15-2.fc44
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
[SECURITY] Fedora 44 Update: python3.13-3.13.12-2.fc44
Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...
CVE-2026-5007 kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly...