4398 matches found
CVE-2026-3721
A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes...
CVE-2026-3721 1024-lab/lab1024 SmartAdmin Help Documentation HelpDocAddForm.java cross site scripting
A weakness has been identified in 1024-lab/lab1024 SmartAdmin up to 3.29. The affected element is an unknown function of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/helpdoc/domain/form/HelpDocAddForm.java of the component Help Documentation Module. This manipulation causes...
PT-2026-23927
Name of the Vulnerable Software and Affected Versions: 1024-lab/lab1024 SmartAdmin versions prior to 3.29. Description: A cross site scripting issue exists in the Help Documentation Module of 1024-lab/lab1024 SmartAdmin. The issue is related to an unknown function within the file...
[SECURITY] Fedora 42 Update: python3.11-3.11.14-5.fc42
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...
[SECURITY] Fedora 44 Update: python3.10-3.10.19-4.fc44
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
WeKan Authorization Issue Vulnerability
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan from 8.31.0 to 8.33 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the lack of field filtering during the publication of user documentation, which could lead to the exposure...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.20.3
The 1.20.3 GA release of Red Hat OpenShift Pipelines Operator. For more details see product documentation. The 1.20.3 release of Red Hat OpenShift Pipelines Operator...
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.9.0 release.
Red Hat Developer Hub 1.9.0 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.15.3
The 1.15.3 GA release of Red Hat OpenShift Pipelines Operator. For more details see product documentation. The 1.15.3 release of Red Hat OpenShift Pipelines Operator...
MINI-4GG2-C7HM-8VVJ
Bulletin has no description...
OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode
Summary: When tools.exec.safeBins contained a binary without an explicit safe-bin profile, OpenClaw used a permissive generic fallback profile. In allowlist mode, that could let interpreter-style binaries (for example python3, node, ruby) execute inline payloads via flags like -c. This requires...
PT-2026-22775
Name of the Vulnerable Software and Affected Versions: HomeBox versions prior to 0.24.0. Description: HomeBox, a home inventory and organization system, has an issue where the authentication rate limiter (authRateLimiter) incorrectly identifies client IP addresses. The rate limiter uses the X-Real-IP...
Fedora 45 : gst-devtools / gst-editing-services / gstreamer1 / gstreamer1-doc / etc (2026-a8009a6ebe)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-a8009a6ebe advisory. 1.28.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but h...
cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled cgo binary. An attacker could exploit this to embed and execute arbitrary...
[SECURITY] Fedora 42 Update: python3-docs-3.13.12-1.fc42
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
[SECURITY] Fedora 42 Update: python3.15-3.15.0~a6-1.fc42
Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...
[SECURITY] Fedora 43 Update: python3.15-3.15.0~a6-1.fc43
Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...
Malicious Package
Overview: clawdist is a malicious package that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...
Malicious Package
Overview: polyutil is a malicious package that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is...