4404 matches found

OSV
added 2026/03/22 7:0 p.m. | 1 view

MINI-QFPH-MVXP-JCWX

Bulletin has no description...

CVSS 9.1 | AI score 5.7 | EPSS 0.00546
Exploits: 0

OSV
added 2026/03/22 6:14 p.m. | 4 views

MAL-2026-2035 Malicious code in @emilgroup/api-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58c245a310d05383d1fdf2e98691e5ea42d0505bdab8e27120537609d6bb4acd The package @emilgroup/api-documentation was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/22 12:0 a.m. | 4 views

Fedora 42 : python-scitokens (2026-dec8f790f7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dec8f790f7 advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

AI score 5.9
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/21 12:0 a.m. | 3 views

Fedora 44 : python-scitokens (2026-86ad7d8a1a)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-86ad7d8a1a advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

AI score 5.9
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/20 5:26 p.m. | 4 views

CVE-2026-32844

XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...

CVSS 6.1 | AI score 6 | EPSS 0.00257
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/20 12:0 a.m. | 3 views

PT-2026-26754

Name of the Vulnerable Software and Affected Versions: orpc versions prior to 1.13.9. Description: orpc, a tool for building type-safe APIs adhering to OpenAPI standards, contains a stored cross-site scripting (XSS) issue in its OpenAPI documentation generation. An attacker controlling fields within t...

CVSS 8.2 | AI score 6 | EPSS 0.00288
Exploits: 1 | References: 6

CNNVD
added 2026/03/20 12:0 a.m. | 3 views

Admidio security vulnerability

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities. These vulnerabilities st...

CVSS 9.1 | AI score 5.8 | EPSS 0.00323
Exploits: 1 | References: 1

OSV
added 2026/03/18 7:16 p.m. | 2 views

UBUNTU-CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

AI score 5.7 | EPSS 0.00238
Exploits: 0 | References: 9

EUVD
added 2026/03/18 2:50 a.m. | 4 views

EUVD-2026-12749

Elysia is a TypeScript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to version 1.4.27, an Elysia cookie can be overridden by prototype pollution, e.g. proto. This issue is patched in 1.4.27. As a workaround, use t.Cookie validatio...

CVSS 6.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 2

GithubExploit
added 2026/03/16 3:44 p.m. | 119 views

ai-pocs

AI PoCs Workspace Personal workspace for AI/LLM experiments a...

AI score 5.8
Exploits: 0

CNNVD
added 2026/03/16 12:0 a.m. | 4 views

Quip MCP Server command injection vulnerability

Quip MCP Server is a documentation-based server developed by AvinashBole. Version 1.0.0 of Quip MCP Server has a command injection vulnerability, which stems from incorrect operations on the function setupToolHandlers in the file src/index.ts, potentially leading to command injection...

CVSS 6.5 | AI score 6.6 | EPSS 0.01301
Exploits: 0 | References: 6

Fedora
added 2026/03/15 12:16 a.m. | 4 views

[SECURITY] Fedora 44 Update: python3.11-3.11.15-1.fc44

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

AI score 5.8
Exploits: 0

Fedora
added 2026/03/15 12:16 a.m. | 7 views

[SECURITY] Fedora 44 Update: python3.10-3.10.20-1.fc44

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...

AI score 5.8
Exploits: 0

Fedora
added 2026/03/14 12:17 a.m. | 4 views

[SECURITY] Fedora 44 Update: gstreamer1-doc-1.28.1-1.fc44

GStreamer documentation...

AI score 5.8
Exploits: 0

OSV
added 2026/03/13 1:8 p.m. | 0 views

MINI-Q6GH-5VCM-X8XW

Bulletin has no description...

CVSS 2.5 | AI score 5.7 | EPSS 0.00201
Exploits: 0

OSV
added 2026/03/13 1:8 p.m. | 1 view

MINI-7QVH-WXXC-3WFP

Bulletin has no description...

CVSS 6.1 | AI score 5.7 | EPSS 0.00328
Exploits: 0

Talos Blog
added 2026/03/11 10:0 a.m. | 6 views

Spinning complex ideas into clear docs with Kri Dontje

Welcome back! This week, we're shining a spotlight on Kri Dontje, a technical writer who's become an essential voice in making Cisco Talos' work understandable for a wide audience. With a background in technical communications and a career that began at a small startup, Kri discusses the importan...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/03/11 12:0 a.m. | 5 views

PT-2026-24575

Name of the Vulnerable Software and Affected Versions: netbox-docker versions prior to 2.5.0. Description: The netbox-docker software, before version 2.5.0, includes a superuser account with default credentials. Specifically, the admin account has a default password, and the SUPERUSER API TOKEN is s...

CVSS 9.8 | AI score 5.8 | EPSS 0.00364
Exploits: 1 | References: 10

EUVD
added 2026/03/10 6:31 p.m. | 4 views

EUVD-2026-10480

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits: 0 | References: 4

OSV
added 2026/03/10 6:18 p.m. | 4 views

UBUNTU-CVE-2026-23907

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVSS 5.3 | AI score 5.8 | EPSS 0.00886
Exploits: 0 | References: 2