GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
[SECURITY] Fedora 43 Update: perl-Net-Statsd-0.13-1.fc43
This module implements a client for a statsd statistics collection server, such as the one in use at Etsy.com. You want to use this module to track statistics in your Perl application, such as how many times a certain event occurs user logins in a web application, or database queries issued, or...
[SECURITY] Fedora 43 Update: perl-Archive-Tar-3.04-522.fc43
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...
[SECURITY] Fedora 44 Update: perl-Net-Statsd-0.13-1.fc44
This module implements a client for a statsd statistics collection server, such as the one in use at Etsy.com. You want to use this module to track statistics in your Perl application, such as how many times a certain event occurs user logins in a web application, or database queries issued, or...
EUVD-2026-37967
HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...
EUVD-2026-37969
Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next= -- a link typically...
EUVD-2026-37964
SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...
EUVD-2026-37962
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...
EUVD-2026-37966
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...
AutoJack: How a single page can RCE the host running your AI agent
In this article 1. Why we are looking at agent frameworks 1. What is AutoGen Studio 2. The AutoJack chain at a glance 3. Anatomy of the chain 1. Issue 1: Origin allowlist that the agent itself defeats 2. Issue 2: Auth middleware that opts MCP out 3. Issue 3: serverparamsfrom the URL is the comman...
CVE-2026-12050
SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...
CVE-2026-12049
Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next= -- a link typically...
CVE-2026-12047
HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...
CVE-2026-12046
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...
RLSA-2026:26533 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
dracut security update
An update is available for dracut. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The dracut packages contain an event-driven initial RAM file system (initramfs)...
RLSA-2026:26534 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
dracut security update
An update is available for dracut. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The dracut packages contain an event-driven initial RAM file system (initramfs)...
7zip-rar5-motw-chain-poc
7-Zip RAR5 MotW/ADS Full-Chain PoC This repository contains a...
Exploit for SQL Injection in Litellm
CVE-2026-42208 — LiteLLM Pre-Auth SQL Injection Lab A local l...