Command Injection

Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Command Injection via the setvalue function when the section parameter is not properly validated for newline characters. An attacker can execute arbitrary code by...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the DeleteUpNodeLink process. An attacker can cause the application to crash and alter the in-memory user-plane topology by sending unauthenticated DELETE requests to the affected endpoint. Remediation...

GHSA-PMWQ-PJRM-6P5R in-toto-golang and in-toto-python have inconsistent negation behavior

Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...

in-toto-golang and in-toto-python have inconsistent negation behavior

Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...

Improper Handling of Inconsistent Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

Improper Certificate Validation

Overview OpenTelemetry.Exporter.Instana is an Instana Exporter for OpenTelemetry .NET Affected versions of this package are vulnerable to Improper Certificate Validation in the ConfigureBackendClient process when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. An attack...

GHSA-WFR5-454P-MJC2 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured

Summary The OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANAENDPOINTPROXY environment variable. If a network attacker can Man-in-the-Middle MitM the...

GHSA-8WXP-XXP2-RCGX Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size

Impact The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook...

Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size

Impact The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook...

CVE-2026-43362

A flaw was found in the Linux kernel's Server Message Block SMB client. This vulnerability allows a remote attacker to cause data corruption. When an SMB client attempts to write data over an unstable connection, the in-place encryption process can lead to already encrypted data being re-sent...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44200 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44200 Source advisory: OSV:GHSA-67RV-MG8Q-5PF3...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44201 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44201 Source advisory: OSV:GHSA-P5GM-92H4-6PV6...

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:GHSA-PWM3-7FV4-G6XX...

CLSA-2026-1778261513 Update of alt-php

Miscellaneous Ubuntu changes - Packaging: add tuxcare suffix Miscellaneous upstream changes - xfrm: esp: avoid in-place decrypt on shared skb frags - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present...

CLSA-2026-1778267481 Update of kernel-uek

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags...

CVE-2026-43341

A flaw was found in the Linux kernel's IPv6 In-situ Operations, Administration, and Maintenance IOAM6 trace fill functionality. An integer overflow vulnerability exists in the ioam6filltracedata function, where the schema length calculation can wrap around due to being stored in an 8-bit unsigned...

CLSA-2026-1778260978 Update of kernel

xfrm: esp: avoid in-place decrypt on shared skb frags...

open-webui Vulnerable to Stored XSS via Model Description

!IMPORTANT Relationship to CVE-2024-7990 CVE-2024-7990 issued by huntr.dev, March 2025 describes a stored XSS in the same field — the model description — but exploits a different bypass mechanism: a second-order injection through the sanitizeResponseContent function's video-tag placeholder...