[SECURITY] Fedora 44 Update: kf6-kded-6.25.0-1.fc44

KDED stands for KDE Daemon which isn't very descriptive. KDED runs in the background and performs a number of small tasks. Some of these tasks are built in, others are started on demand. Custom KDED modules can be provided by 3rd party frameworks and applications...

[SECURITY] Fedora 44 Update: extra-cmake-modules-6.25.0-1.fc44

Additional modules for CMake build system needed by KDE Frameworks...

GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

[SECURITY] Fedora 42 Update: perl-5.40.4-520.fc42

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

CVE-2026-40960

CVE-2026-40960 : Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. When at least one mod is listed as secure.trusted_mods or secure.http_mods , a crafted mod can intercept the request for the insecure environment or HTTP API and also gain access to it. This vul...

Luanti 安全漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.2 contained security vulnerabilities. These vulnerabilities were caused by improper security environment configuration, which could allow custom modules to...

Fedora 44 : aurorae / bluedevil / breeze-gtk / extra-cmake-modules / etc (2026-fe3d8d4767)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-fe3d8d4767 advisory. Frameworks 6.25.0 + KDE Plasma 6.6.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.0-1.hum1 aarch64, x8664 nginx-all-modules-1.30.0-1.hum1 noarch nginx-core-1.30.0-1.hum1 aarch64, x8664 nginx-filesystem-1.30.0-1.hum1 noarch nginx-mod-devel-1.30.0-1.hum1 aarch6...

CVE-2026-6245

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

CVE-2026-6245 Sssd: out-of-bounds read in the sssd

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

EUVD-2026-22840

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

MGASA-2026-0097 Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Upstream kernel version 6.6.130 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel...

org.bouncycastle:bcmail-jdk14 (>=1.74 <=1.83), org.bouncycastle:bcpg-jdk14 (>=1.74 <=1.83) +11 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-jdk14 (>=1.74 <=1.83)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.74, =1.74, =1.74, =1.74, =1.74, =1.74, =0.2.5, =1.0.1-rc.1, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.3.2 Source cves: CVE-2026-0636 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075252...

CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

CVE-2026-5088

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

perl:5.32 security update

An update is available for module.perl-CPAN-DistnameInfo, module.perl-Text-Diff, module.perl-Carp, perl-Data-Section, perl-Pod-Simple, perl-File-Fetch, perl-parent, perl-CPAN-Meta, module.perl-Exporter, module.perl-File-Fetch, perl-Pod-Usage, module.perl-Pod-Checker,...

CVE-2026-34261 Missing Authorization check in SAP Business Analytics and SAP Content Management

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...