[SECURITY] Fedora 44 Update: kf6-kapidox-6.25.0-1.fc44

Scripts and data for building API documentation dox in a standard format and style...

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Summary A Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass th...

GHSA-6R77-HQX7-7VW8 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Summary A Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass th...

co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)

org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

Apache Airflow: RCE by race condition in example_xcom dag

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

EUVD-2025-209465

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

GHSA-Q2HG-643C-GW8H Apache Airflow: RCE by race condition in example_xcom dag

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

CVE-2025-54550

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

Important: Red Hat Security Advisory: OpenShift Compliance Operator bug fix and enhancement update

An updated OpenShift Compliance Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog. The OpenShift Compliance Operator v1.9.0 is now available. See the documentation for bug fix information:...

CVE-2026-3878

The vulnerability affects the WordPress WP Docs plugin, with a Stored Cross-Site Scripting (XSS) flaw in the wpdocs_options[icon_size] parameter across all versions up to 2.2.9. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with subscriber...

[SECURITY] Fedora 43 Update: composer-2.9.7-1.fc43

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

[SECURITY] Fedora 43 Update: python3.15-3.15.0~a8-1.fc43

Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

ios-26-activation-research

iOS 26 Activation Lock -- Documented Vulnerabilities Document...

MAL-2026-2673 Malicious code in chief-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4685fab18e6de4de4fba0c842db2c4ee4114ca7259b8339900078fec02724a39 The package chief-documentation was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview chief-documentation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in chief-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4685fab18e6de4de4fba0c842db2c4ee4114ca7259b8339900078fec02724a39 The package chief-documentation was found to contain malicious code. Source: ghsa-malware...

CVE-2025-54550

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

PT-2026-32992

Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description An example named 'example xcom' in the documentation implemented an unsafe pattern for reading values from XCom. This could allow a UI user with permissions to modify XComs to execute...

Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...