CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability
A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...
CVE-2026-40470
A critical XSS vulnerability (CVE-2026-40470) affected hackage-server and hackage.haskell.org. HTML/JavaScript from source packages or documentation uploads were served directly on the main domain, enabling an attacker with malicious upload to hijack latent HTTP credentials and perform actions t...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.20.4
The 1.20.4 GA release of Red Hat OpenShift Pipelines Operator. For more details see product documentation. The 1.20.4 release of Red Hat OpenShift Pipelines Operator...
[SECURITY] Fedora 43 Update: pie-1.4.1-1.fc43
PIE PHP Installer for Extensions. PIE can install an extension to any installed PHP version. A list of extensions that support PIE can be found on https://packagist.org/extensions. Documentation: /usr/share/doc/pie/docs/usage.md...
[SECURITY] Fedora 43 Update: python3-docs-3.14.4-1.fc43
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
[SECURITY] Fedora 42 Update: pie-1.4.1-1.fc42
PIE PHP Installer for Extensions. PIE can install an extension to any installed PHP version. A list of extensions that support PIE can be found on https://packagist.org/extensions. Documentation: /usr/share/doc/pie/docs/usage.md...
[SECURITY] Fedora 43 Update: python-pillow-11.3.0-8.fc43
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developmen...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs20: nodejs20-20.20.2-1.hum1 aarch64, x86_64 nodejs20-bin-20.20.2-1.hum1 noarch nodejs20-devel-20.20.2-1.hum1 aarch64, x86_64 nodejs20-docs-20.20.2-1.hum1 noarch...
BIT-AIRFLOW-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf
An example of BashOperator in the Airflow documentation suggested a way of passing dag_run.conf that could cause unsanitized user input to be used to escalate the privileges of a UI user to allow code execution on a worker. Users should review whether any of their own DAGs have adopted this incorrect advi...
MINE-CYBERSECURITY-PROJECT-1
MINE-CYBERSECURITY-PROJECTS This repository contains advanced...
API Security Based on Automatic OpenAPI Mapping
This paper presents Map Reduce Graph (MRG), a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ngtcp2: ngtcp2-1.22.1-1.hum1 aarch64, x86_64 ngtcp2-crypto-gnutls-1.22.1-1.hum1 aarch64, x86_64 ngtcp2-crypto-gnutls-devel-1.22.1-1.hum1 aarch64, x86_64 ngtcp2-crypto-ossl-1.22.1-1.hum1 aarch64, x86...
PT-2026-33778
Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.4. Description: The Cassandra export module glances/exports/glances_cassandra/__init__.py interpolates configuration values directly into CQL statements without validation. A user with write access to glances.conf can...
PT-2026-33777
Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.4. Description: A Server-Side Request Forgery (SSRF) issue exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is passed directly to the urlope...
[SECURITY] Fedora 43 Update: python3.12-3.12.13-3.fc43
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...
BIT-AIRFLOW-2025-54550 Apache Airflow: RCE by race condition in example_xcom dag
The example example_xcom that was included in the Airflow documentation implemented an unsafe pattern of reading a value from XCom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
GHSA-3JFP-46X4-XGFJ yard: Possible arbitrary path traversal and file access via yard server
Impact: A path traversal vulnerability was discovered in YARD <= 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...
MINI-688J-XFGJ-8JF8
Bulletin has no description...
PT-2026-37120
Name of the Vulnerable Software and Affected Versions: YARD versions prior to 0.9.42. Description: A path traversal issue exists when using yard server to serve documentation. This flaw allows unsanitized HTTP requests to access arbitrary files on the host machine under certain conditions. Path...
[SECURITY] Fedora 44 Update: kf6-kdoctools-6.25.0-1.fc44
Provides tools to generate documentation in various format from DocBook files...