Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...

PT-2026-32968

Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...

MINI-HGXW-4M4F-XW67

Bulletin has no description...

MINI-48XV-VPGM-GWQG

Bulletin has no description...

MINI-CP35-PJ89-39R3

Bulletin has no description...

MINI-MHW6-Q4PG-G962

Bulletin has no description...

MINI-P43P-5V5J-Q82P

Bulletin has no description...

Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sqlite: lemon-3.52.0-1.1.hum1 aarch64, x8664 sqlite-3.52.0-1.1.hum1 aarch64, x8664 sqlite-analyzer-3.52.0-1.1.hum1 aarch64, x8664 sqlite-debug-3.52.0-1.1.hum1 aarch64, x8664...

GeoNode 代码问题漏洞

GeoNode is an open-source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Versions of GeoNode prior to 4.4.5 and 5.0.2 have code vulnerabilities due to insufficient validation of the docurl parameter, which may lead to server-side request forgeing attack...

CVE-2026-39315

Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in...

MINI-74R4-HJH8-6JW4

Bulletin has no description...

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

[SECURITY] Fedora 42 Update: rust-1.94.1-1.fc42

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

MINI-399H-RPWP-WFG9

Bulletin has no description...

[SECURITY] Fedora 42 Update: python3.14-3.14.3-2.fc42

Python 3.14 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.14 package provides the "python3.14" executable:...

[SECURITY] Fedora 42 Update: python3.12-3.12.13-2.fc42

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

SUSE CVE-2026-23444

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211txprepareskb failure ieee80211txprepareskb has three error paths, but only two of them free the skb. The first error path ieee80211txprepare returning TXDROP does not free it, while...

Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

Summary SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectUri configuration is silently unset by default, an attacker spoof the Host header to steal OAuth...

EUVD-2026-18688

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211txprepareskb failure ieee80211txprepareskb has three error paths, but only two of them free the skb. The first error path ieee80211txprepare returning TXDROP does not free it, while...