1059 matches found
ROOT-APP-PYPI-CVE-2026-34518 CVE-2026-34518 in rootio-aiohttp - Patched by Root
Root has patched CVE-2026-34518 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...
CVE-2026-59674
CVE-2026-59674 affects openSUSE Tumbleweed surfacing a local privilege escalation in suricata packaging due to a symlink follow vulnerability in the post-install script. Connected details indicate the issue involves the libsuricata8 package (version 8.0.5-2.1 and earlier) and is fixed in 8.0.5-2....
Important: Red Hat Security Advisory: tomcat9 security, bug fix, and enhancement update
An update for tomcat9 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
[SECURITY] Fedora 44 Update: helm-4.2.2-1.fc44
Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Use Helm to: - Find and use popular software packaged as Helm Charts to run in Kubernetes - Share your own applications as Helm Charts - Create reproducible builds of your Kubernetes applications -...
SUSE-SU-2026:2723-1 Security update for python311
This update for python311 fixes the following issues: Security issues fixed: - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. Other updates and bugfixes: - Rewrite structure of Python interpreter packages...
MAL-2026-6424 Malicious code in leo-connector-mongo (npm)
The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
SUSE-SU-2026:22128-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump...
SUSE-SU-2026:22133-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Update to version 20260430.00: Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604 bsc1260264, CVE-2026-33186 Backport oslogin changes for sles16 to...
AWS Cloud Development Kit 操作系统命令注入漏洞
AWS Cloud Development Kit is an open-source software development framework developed by Amazon Web Services. It is used to define cloud infrastructure in code and configure it using AWS CloudFormation. Versions of the AWS Cloud Development Kit prior to 2.245.0 contained a vulnerability related to...
ROOT-APP-PYPI-CVE-2026-41481 CVE-2026-41481 in rootio-langchain-text-splitters - Patched by Root
Root has patched CVE-2026-41481 in the rootio-langchain-text-splitters package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-32874 CVE-2026-32874 in rootio-ujson - Patched by Root
Root has patched CVE-2026-32874 in the rootio-ujson package for Root:PyPI. Multiple fixed versions available...
Security update 5.0.8 for Multi-Linux Manager Client Tools
This update fixes the following issues: prometheus-postgresexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248699 golang-github-QubitProducts-exporterexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCount...
SUSE-SU-2026:2241-1 Security update 5.0.8 for Multi-Linux Manager Client Tools
This update fixes the following issues: prometheus-postgresexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248699 golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using...
The vulnerability of the gf_odf_ac4_cfg_dsi_v1() function in the MP4Box packaging tool of the GPAC multimedia platform allows a hacker to cause a service failure.
The vulnerability of the gfodfac4cfgdsiv1 function, implemented by the MP4Box component of the GPAC multimedia platform, is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the dasher_process() function in the MP4Box packaging tool of the GPAC multimedia platform allows a hacker to trigger a service failure.
The vulnerability of the dasherprocess function in the MP4Box packaging tool of the GPAC multimedia platform relates to the possibility of exploiting memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the m2tsdmx_send_packet() function in the MP4Box packaging tool of the GPAC platform allows a hacker to cause a service failure.
The vulnerability of the m2tsdmxsendpacket function in the MP4Box packaging tool of the GPAC multimedia platform is related to a buffer overflow in the dynamic memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the gf_isom_apple_set_tag_ex() function in the MP4Box packaging tool of the GPAC multimedia platform allows a hacker to trigger a service failure.
The vulnerability of the gfisomapplesettagex function in the MP4Box packaging tool of the GPAC multimedia platform is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2026-42795
Gleam: Symlink following in Hex package export vulnerability (CVE-2026-42795) allows embedding files outside the project root into the generated Hex package. Root cause: file collection in compiler-cli/src/fs.rs uses follow_links(true) for publishable directories (e.g., src/, priv/) and add_path_...
PT-2026-45756
Name of the Vulnerable Software and Affected Versions Gleam versions 0.10.0-rc1 through 1.17.0 Description A symlink following issue in the Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleam files, native...
PyFEX: Uncovering Evasive Python-Based Threats Via Resilient and Exhaustive Path Exploration
The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index PyPI, while also building evasive, cross-platform malicious binaries compiled from source code written in Python...