
4404 matches found

Fedora
added 2026/04/04 1:3 a.m. | 3 views

[SECURITY] Fedora 42 Update: python3.14-3.14.3-2.fc42

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...

CVSS 7 | AI score 6 | EPSS 0.00216
Exploits 0
Fedora
added 2026/04/04 1:3 a.m. | 6 views

[SECURITY] Fedora 42 Update: python3.12-3.12.13-2.fc42

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

CVSS 7 | AI score 6 | EPSS 0.00216
Exploits 0
SUSE CVE
added 2026/04/03 11:27 p.m. | 4 views

SUSE CVE-2026-23444

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure. ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while...

CVSS 5.5 | AI score 5.7 | EPSS 0.00129
Exploits 0 | References 13
GitHub Security Blog
added 2026/04/03 9:43 p.m. | 6 views

Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

Summary: SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect_uri. Because the redirectUri configuration is silently unset by default, an attacker can spoof the Host header to steal OAuth...

CVSS 6.1 | AI score 6 | EPSS 0.00112
Exploits 1 | References 4 | Affected Software 1
EUVD
added 2026/04/03 6:31 p.m. | 1 view

EUVD-2026-18688

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure. ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while...

AI score 5.8 | EPSS 0.00129
Exploits 0 | References 4
Fedora
added 2026/04/03 5:4 p.m. | 8 views

[SECURITY] Fedora 42 Update: gstreamer1-doc-1.26.11-1.fc42

GStreamer documentation...

AI score 5.9
Exploits 0
Fedora
added 2026/04/01 12:57 a.m. | 6 views

[SECURITY] Fedora 43 Update: gstreamer1-doc-1.26.11-1.fc43

GStreamer documentation...

AI score 5.8
Exploits 0
Fedora
added 2026/04/01 12:57 a.m. | 7 views

[SECURITY] Fedora 43 Update: rust-1.94.1-1.fc43

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 6.5 | AI score 5.8 | EPSS 0.00379
Exploits 1
Fedora
added 2026/03/31 12:27 a.m. | 8 views

[SECURITY] Fedora 44 Update: rust-1.94.1-1.fc44

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 6.5 | AI score 5.8 | EPSS 0.00379
Exploits 1
Tenable Nessus
added 2026/03/31 12:0 a.m. | 4 views

Fedora 43 : gst-devtools / gst-editing-services / gstreamer1 / gstreamer1-doc / etc (2026-e77ad9d792)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-e77ad9d792 advisory. 1.26.11 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but...

AI score 6
Exploits 0 | References 1
Tenable Nessus
added 2026/03/31 12:0 a.m. | 3 views

Fedora 44 : cpp-httplib (2026-03599f0b32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

CVSS 8.7 | AI score 5.9 | EPSS 0.00179
Exploits 1 | References 2
Tenable Nessus
added 2026/03/31 12:0 a.m. | 1 view

Fedora 43 : cpp-httplib (2026-e76feaf213)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e76feaf213 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

CVSS 8.7 | AI score 5.9 | EPSS 0.00179
Exploits 1 | References 2
Fedora
added 2026/03/29 12:51 a.m. | 5 views

[SECURITY] Fedora 43 Update: python3.13-3.13.12-2.fc43

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

CVSS 7 | AI score 5.9 | EPSS 0.00216
Exploits 0
RedhatCVE
added 2026/03/26 3:5 p.m. | 2 views

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

CVSS 9 | AI score 5.8 | EPSS 0.00364
Exploits 1 | References 1
RedhatCVE
added 2026/03/26 3:1 p.m. | 1 view

CVE-2026-33331

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | AI score 5.9 | EPSS 0.00288
Exploits 1 | References 1
Snyk
added 2026/03/24 10:30 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: @orpc/openapi is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the generation of OpenAPI documentation. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious payloads into controllable fields within th...

CVSS 8.3 | AI score 5.9 | EPSS 0.00288
Exploits 1 | References 2
Cvelist
added 2026/03/24 7:18 p.m. | 19 views

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | EPSS 0.00288
Exploits 1 | References 3
OSV
added 2026/03/24 7:18 p.m. | 1 view

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | AI score 6 | EPSS 0.00288
Exploits 1 | References 5
Vulnrichment
added 2026/03/24 7:18 p.m. | 2 views

CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify

oRPC is a tool that helps build APIs that are end-to-end type-safe and adhere to OpenAPI standards. Prior to version 1.13.9, a stored cross-site scripting (XSS) vulnerability exists in the OpenAPI documentation generation of orpc. If an attacker can control any field within the OpenAPI specificati...

CVSS 8.2 | AI score 5.8 | EPSS 0.00288
Exploits 1 | References 3
CNNVD
added 2026/03/24 12:0 a.m. | 4 views

orpc cross-site scripting vulnerability

Orpc is an open-source RPC and OpenAPI integration framework developed by MiddleAPI. Versions of Orpc prior to 1.13.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the OpenAPI documentation generation process, which included stored cross-site scripts. This could...

CVSS 8.2 | AI score 5.9 | EPSS 0.00288
Exploits 1 | References 3