[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

CVE-2026-41419

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVE-2026-41419

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVE-2026-41419

The CVE describes a path traversal vulnerability in 4ga Boards prior to version 3.3.5. An authenticated user with board import privileges can cause the server to ingest arbitrary host files as board attachments during a BOARDS archive import. Once imported, those files may be downloaded via the s...

EUVD-2026-25613

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

BIT-GITLAB-2026-1660 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

PT-2026-35064

Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description A path traversal issue allows an authenticated user with board import privileges to force the server to ingest arbitrary host files as board attachments during the BOARDS archive import process...

4ga Boards 路径遍历漏洞

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during the import of BOARDS archives, which could lead to unauthorized...

EUVD-2026-25205

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVE-2026-3960 Remote Code Execution in h2oai/h2o-3

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVE-2026-3960

CVE-2026-3960 is a remote code execution in H2O-3 prior to 3.46.0.10 via the unauthenticated REST endpoint /99/ImportSQLTable. The issue stems from a MySQL-focused parameter blacklist that can be bypassed by switching the JDBC URL to a PostgreSQL URL (e.g., using socketFactory/socketFactoryArg pa...

CVE-2026-41679

Summary of CVE-2026-41679 (Paperclip) : Paperclip, a Node.js server with a React UI, is vulnerable to unauthenticated remote code execution via an Import Authorization bypass. Up to version 2026.416.0, an unauthenticated attacker can trigger full RCE on any network-accessible Paperclip instance r...

CVE-2026-41679 Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...

PT-2026-34752

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...