CVE-2026-44345
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious...
BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)
The same Dockerfile template that mishandles envs.name (pending GHSA-w2pm-x38x-jp44) also interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line docker.base_image value smuggles arbitrary Dockerfile directives into the generated...
PT-2026-39663
Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39 Description BentoML is a Python library used for building online serving systems optimized for AI applications and model inference. The issue occurs because the template src/bentoml/...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ansible (UTSA-2026-017461)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017461 advisory. A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is...
GHSA-C67R-GC9J-2QF7 Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header
Summary Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches the body bytes as a second pipelined request on the same keep-alive connection. RFC 9110 §5.3 prohibits multiple...
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur when facts used in the template do not include special template characters, especially if the user attempts to embed templates within multi-line YAML strings. This flaw allows...
JLSEC-2026-61
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file name), it can write attacker-controlled content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
Zabbix security vulnerability
Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities, which stem from improper regular expression validation in multi-line modes. This could...
EUVD-2019-0514
Malware in sbrugna...
EUVD-2003-0201
Malware in sbrugna...
EUVD-2011-1717
Malware in sbrugna...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xz (UTSA-2025-986157)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986157 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file nam...
EUVD-2024-3100
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-8794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerabilit...
CVE-2025-54377
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks \n in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent...
CVE-2025-54377 Roo Code Lacks Line Break Validation in its Command Execution Tool
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks \n in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent...
SUSE CVE-2025-22604
Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io or ss_net_snmp_disk_bytes, a part of each OID will be used as a key in an array that is...
jenkins: Exposure of multi-line secrets through error messages
A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the secretTextarea form field...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...