5 matches found
EUVD-2026-23901
python-dotenv: Symlink following in setkey allows arbitrary file overwrite via cross-device rename fallback...
DEBIAN-CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...
PT-2024-40034 · Ez Systems · Ez Publish Legacy
Name of the Vulnerable Software and Affected Versions: eZ Publish Legacy (affected versions not specified). Description: The issue concerns a vulnerability in eZ Publish Legacy that could lead to XSS injection in certain configurations, particularly when all modules are disabled. This vulnerability...
CVE-2023-30849 Pimcore vulnerable to SQL Injection in Translation Export API
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...
DEBIAN-CVE-2022-39264
nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...