[SECURITY] Fedora 44 Update: plasma-nano-6.6.4-1.fc44

Minimalist Plasma shell for developing custom experiences on embedded devices...

Malicious code in pynosist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef7a4db1443361fe93b268c7ad8f38c5c290d5334162b57c2b534c97acbc2b5d The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

MAL-2026-2819 Malicious code in pynosist (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef7a4db1443361fe93b268c7ad8f38c5c290d5334162b57c2b534c97acbc2b5d The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

Malicious code in genosys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2fb27cde30ea3d834e3160e37c203a1f8a271435cf92316a990766c5b8b9791c The campaign is built from a benign-like package e.g. genosys and the malicious dependency e.g. pynosist. The dependency uses a PTH file to trigger malicious...

[SECURITY] Fedora 43 Update: cef-146.0.11^chromium146.0.7680.177-2.fc43

CEF is an embeddable build of Chromium, powered by WebKit Blink...

CVE-2026-33929

A flaw was found in Apache PDFBox. A local user with writing rights to a specific directory could be exploited via a malicious PDF file when using the ExtractEmbeddedFiles example. This path traversal CWE-22 vulnerability, which allows an attacker to access files and directories outside of the...

SUSE CVE-2026-33929

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

SUSE CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-39542

Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through = 2.10.13...

CVE-2026-39516

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.7.0...

CVE-2026-39564

Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through 3.6.2...

CVE-2026-39566

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through = 3.6.26...

CVE-2026-33948

A flaw was found in jq, a command-line JSON processor. This vulnerability allows a remote attacker to bypass input validation by crafting malicious JSON input containing embedded null NUL bytes. Due to incorrect handling of input buffer lengths, jq truncates the input at the first NUL byte,...

RUSTSEC-2026-0105 core2 is unmaintained, all versions yanked

The maintainer decided stop maintaining crate and yanked all published versions. Potential alternatives: - embedded-io solves the same general problem - no-std-io2 is a maintained fork...

core2 is unmaintained, all versions yanked

The maintainer decided stop maintaining crate and yanked all published versions. Potential alternatives: - embedded-io solves the same general problem - no-std-io2 is a maintained fork...

GHSA-GCJ8-76P4-G2FQ Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

UBUNTU-CVE-2026-33929

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

CVE-2026-33929

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in ExtractEmbeddedFiles. An attacker can write files to arbitrary locations outside the intended directory by crafting malicious PDF files that exploit improper handling of file path separators. Note: This issue...