UBUNTU-CVE-2026-26345

SPIP before 4.4.8 contains a stored cross-site scripting XSS vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...

MiracleLinux 7 : tomcat-7.0.76-16.0.1.el7.AXS7 (AXSA:2024-8731:12)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8731:12 advisory. Fix file path bug introduced by the CVE-2021-25329 fix CVEs: CVE-2021-25329 The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to...

EUVD-2025-31407

Malicious code in bioql PyPI...

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

Summary Rack::QueryParser in version 2.2.18 enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...

CVE-2024-37372

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...