3358 matches found
[SECURITY] Fedora 44 Update: python-jupytext-1.19.1-4.fc44
Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...
[SECURITY] Fedora 43 Update: python-jupytext-1.19.1-4.fc43
Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...
CVE-2026-6402
A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remote attacker can exploit a cross-origin source code exposure vulnerability. This allows a malicious website, visited by a developer, to load the bundled application source code as a script and read ...
Exposed Dangerous Method or Function
Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...
SUSE CVE-2026-43166
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...
curl: CVE-2026-8286: wrong STARTTLS connection reuse
A vulnerability was found in the Curl library that allowed a plain-text connection to reuse an existing SSL-upgraded connection without verifying the SSL configuration. This could lead to a man-in-the-middle attack if an attacker was able to intercept the initial STARTTLS upgrade. The issue was...
VMware Spring Cloud Config 日志信息泄露漏洞
VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a vulnerability related to log information leakage...
EUVD-2026-27729
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...
CVE-2026-43166
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...
CVE-2026-43166 erofs: fix interlaced plain identification for encoded extents
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...
CVE-2026-43166
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...
CVE-2026-43166
CVE-2026-43166 concerns the Linux kernel’s erofs filesystem. A flaw in interlaced plain extent identification occurs when the start position and on-disk physical length are not both aligned to the block size, causing plain data to be misclassified as interlaced instead of shifted. This can lead t...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
DEBIAN-CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
UBUNTU-CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928 Stored XSS vulnerability in the Item history/Plain text widget
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
EUVD-2026-27530
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...
CVE-2026-23928
CVE-2026-23928 describes a stored XSS in Zabbix widgets: the Item history widget (7.0+) or the Plain text widget (6.0) can execute injected JavaScript when HTML display is enabled. The attacker must supply the malicious script from a monitored host, and the impact varies by user viewing a dashboa...