GO-2026-4538 Caddy MatchPath %xx branch skips case normalization in github.com/caddyserver/caddy/v2

Caddy MatchPath %xx branch skips case normalization in github.com/caddyserver/caddy/v2...

EUVD-2025-16643

Malicious code in bioql PyPI...

ALSA-2025:4669 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt

Name: ISA-2025-001: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions MAY also be affected. Affected users: Validator...

Linux Distros Unpatched Vulnerability : CVE-2019-9741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to...

SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...