247 matches found
MAL-2026-4201 Malicious code in obs-migrate (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ecb04d891693e925c9055e0b5c5844ebb6cf8c210000e9905bf892ab7d0674d7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
EUVD-2026-18417
Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values...
CVE-2026-26962
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
CVE-2026-26962 Rack: Header injection in multipart requests
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
PT-2026-29923
Summary Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...
PT-2026-29841
Name of the Vulnerable Software and Affected Versions Rack versions 3.2.0 through 3.2.5 Description Rack’s Rack::Multipart::Parser incorrectly unfolds folded multipart part headers. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values...
Security update for obs-service-recompress, obs-service-tar_scm (moderate)
openSUSE Security Update: Security update for obs-service-recompress, obs-service-tar_scm Announcement ID: openSUSE-SU-2026:0109-1 Rating: moderate References: 1076410 1082696 1105361 1107507 1107944 1127353 1127907 1138377 1168573 1212476 1216361 927120 967265 Cross-References: CVE-2018-12473...
[SECURITY] Fedora 44 Update: rust-reqsign-huaweicloud-obs-3.0.0-1.fc44
Huawei Cloud OBS signing implementation for reqsign...
openSUSE 16 Security Update : osc, obs-scm-bridge (openSUSE-SU-2026:20361-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20361-1 advisory. Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching paren...
Security update for osc, obs-scm-bridge (moderate)
openSUSE security update: security update for osc, obs-scm-bridge Announcement ID: openSUSE-SU-2026:20361-1 Rating: moderate References: bsc1230469 bsc1247410 Cross-References: CVE-2024-22038 CVSS scores: CVE-2024-22038 SUSE : 7.3...
CVE-2025-14347
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS. This issue affects OBS Student Affairs Information System0: before 26.5009...
CVE-2025-14347
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS. This issue affects OBS Student Affairs Information System0: before 26.5009...
EUVD-2025-203885
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS. This issue affects OBS Student Affairs Information System0: before 26.5009...
CVE-2025-14347 Reflected XSS in Proliz's OBS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS. This issue affects OBS Student Affairs Information System0: before 26.5009...
CVE-2025-14347 Reflected XSS in Proliz's OBS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. OBS Student Affairs Information System0 allows Reflected XSS. This issue affects OBS Student Affairs Information System0: before 26.5009...
CVE-2025-63891
The vulnerability CVE-2025-63891 affects SourceCodester’s Simple Online Book Store System. A remote, unauthenticated attacker can disclose the full database contents (including schema and credential hashes) by accessing a web‑accessible backup file via an unauthenticated HTTP GET to /obs/database...
CVE-2025-11956
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. Co. OBS Student Affairs Information System allows Stored XSS. This issue affects OBS Student Affairs Information System: before 25.0401...
EUVD-2025-37982
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. Co. OBS Student Affairs Information System allows Stored XSS. This issue affects OBS Student Affairs Information System: before 25.0401...
CVE-2025-11956 XSS in Proliz's OBS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. Co. OBS Student Affairs Information System allows Stored XSS. This issue affects OBS Student Affairs Information System: before 25.0401...
CVE-2025-11956 XSS in Proliz's OBS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Proliz Software Ltd. Co. OBS Student Affairs Information System allows Stored XSS. This issue affects OBS Student Affairs Information System: before 25.0401...