31 matches found
python311-intake-2.0.9-1.1 on GA media (moderate)
python311-intake-2.0.9-1.1 on GA media Announcement ID: openSUSE-SU-2026:10426-1 Rating: moderate Cross-References: CVE-2026-33310 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
SUSE CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
OPENSUSE-SU-2026:10426-1 python311-intake-2.0.9-1.1 on GA media
These are all security issues fixed in the python311-intake-2.0.9-1.1 package on the GA media of openSUSE Tumbleweed...
Command Injection
Overview intake is a Data catalog, search and load Affected versions of this package are vulnerable to Command Injection via the catalog parsing when the shell syntax is used within parameter default values. An attacker can execute arbitrary commands on the host system by crafting a malicious...
ddsapi (>=0.6.0b5 <=0.7.1), gandharva (=0.0.1) +9 more potentially affected by CVE-2026-33310 via intake (>=2.0.0a2 <=2.0.8)
intake PYPI version =2.0.0a2, =0.6.0b5, =0.2.7, =0.2.4, =0.6.2, =0.0.1, =0.6.4, =0.18.0, =0.19.4 Source cves: CVE-2026-33310 Source advisory: SNYK:PYTHON-INTAKE-15763544...
CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
Intake Code Injection Vulnerability
Intake is an open-source Python toolkit for data loading and processing. Versions of Intake prior to 2.0.9 had a code injection vulnerability. This vulnerability stemmed from the automatic expansion of shell syntax during directory parsing, which could lead to the execution of host system command...
access-intake-esm (>=2026.4.17 <=2026.4.19), access-nri-intake (>=0.0.2 <=1.6.0) +185 more potentially affected by CVE-2026-33310 via intake (>=0.4.4 <=2.0.9)
intake PYPI version =0.4.4, =2026.4.17, =0.0.2, =0.1.0, =1.0.0, =1.5.0, =0.21.0, =1.1.0, =2024.6.4.1, =0.13.0, =0.8.0, =0.1.0a1, =0.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2026-33310 Source advisory: OSV:GHSA-37G4-QQQV-7M99...
CVE-2026-27839 wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritional_values action endpoints fetch objects via Model.objects.get(pk=pk) — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
Short-finned pilot whales Globicephala macrorhynchus eat a lot of squid: To figure out a short-finned pilot whale's caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting tags, daily feeding rates from satellite tags, body...
web.intake.education Cross Site Scripting vulnerability OBB-3199993
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
analytics-zoo (>=0.2.0 <=0.10.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +33 more potentially affected by CVE-2020-9480 via pyspark (>=2.1.2 <=2.4.5)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.11.0, =0.1.2, =0.1.0, =1.0.0, =0.8.0, =0.2.1, =0.2.64 - intake-hive =0.1.0 - j11hail =0.2.53 - jmetalpy =0.9.0 - md2k-cerebral-cortex =3.0.0 and more Source cves: CVE-2020-9480 Source advisory: OSV:GHSA-WGX7-JWWM-CGJV...
Early user can break addLiquidity
Handle WatchPug Vulnerability details uint256 totalLiquidityUnits = totalSupply; if totalLiquidityUnits == 0 liquidity = nativeDeposit; // TODO: Contact ThorChain on proper approach In the current implementation, the first liquidity takes the nativeDeposit amount and uses it directly. However,...
WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery
Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF) Date: 2/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/fitness-calculators/ Version: 1.9.5 Tested on: Windows 10 CVE: CVE-2021-24272 1. Description: The plugin adds calculators for Water...
WordPress Fitness Calculators 1.9.5 Plugin - Cross-Site Request Forgery Vulnerability
Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF) Author: 0xB9 Software Link: https://wordpress.org/plugins/fitness-calculators/ Version: 1.9.5 Tested on: Windows 10 CVE: CVE-2021-24272 1. Description: The plugin adds calculators for Water intake, BMI...
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF) Date: 2/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/fitness-calculators/ Version: 1.9.5 Tested on: Windows 10 CVE: CVE-2021-24272 1. Description: The plugin adds calculators for Water...