[SECURITY] Fedora 44 Update: kf6-krunner-6.25.0-1.fc44

KRunner provides a parallelized query system extendable via plugins...

[SECURITY] Fedora 44 Update: kf6-knewstuff-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 module for downloading and sharing additional application data like plugins, themes, motives, etc...

[SECURITY] Fedora 44 Update: kf6-kimageformats-6.25.0-2.fc44

This framework provides additional image format plugins for QtGui. As such it is not required for the compilation of any other software, but may be a runtime requirement for Qt-based software to support certain image formats...

[SECURITY] Fedora 44 Update: kf6-kirigami-6.25.0-1.fc44

QtQuick plugins to build user interfaces based on the KDE UX guidelines...

[SECURITY] Fedora 44 Update: kf6-frameworkintegration-6.25.0-1.fc44

Framework Integration is a set of plugins responsible for better integration of Qt applications when running on a KDE Plasma workspace. Applications do not need to link to this directly...

@agent-analytics/paperclip-live-analytics-plugin (>=0.1.1 <=0.1.11), @clawjedi/paperclip-plugin-chat (>=1.0.0 <=1.0.4) +20 more potentially affected by unknown CVE via @paperclipai/shared (>=0.2.2 <=2026.416.0-canary.1)

@paperclipai/shared NPM version =0.2.2, =0.1.1, =1.0.0, =0.0.1, =0.3.1, =0.1.45, =0.1.0, =0.1.9, =2026.3.17-canary.0, =0.2.2, =0.1.0, =2026.3.17-canary.0, =0.2.2, =0.1.0, =2026.324.0-canary.0, =2026.325.0-canary.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3PW3-V88X-XJ24...

Interpretation Conflict

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict in the propagation of middleware paths to child plugin scopes due to incorrect re-prefixing. An attacker can gain unauthorized access to protected routes by...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Last week, there were 157 vulnerabilities disclosed in 141 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 79 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

CVE-2026-6270

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

CVE-2026-6270

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

CLSA-2026-1776334207 gstreamer1-plugins-base: Fix of CVE-2026-2921

CVE-2026-2921: fix RIFF palette integer overflow...

Improper Access Control

@fastify/express is vulnerable to Improper Access Control. The vulnerability is due to incorrect path handling in the onRegister function, where middleware paths are duplicated when inherited by child plugins, causing them to not match incoming requests and resulting in bypass of security control...

GHSA-HRWM-HGMJ-7P9C @fastify/express's middleware path doubling causes authentication bypass in child plugin scopes

Summary @fastify/express v4.0.4 contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. This results in complete bypass of Express middleware security controls for all routes defined within child plugin scopes that share ...

EUVD-2026-22880

@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes...

PT-2026-33320

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.3.2 Description Inherited middleware is not registered directly on child plugin engine instances. When authentication middleware is registered in a parent scope and child plugins are registered with...

Interpretation Conflict

Overview @fastify/express is an Express compatibility layer for Fastify Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of middleware paths in the onRegister function. An attacker can gain unauthorized access to protected routes by exploiting t...

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

CVE-2026-33807 @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

CVE-2026-33807

CVE-2026-33807 affects @fastify/express v4.0.4 and earlier. A path handling bug in onRegister doubles middleware paths when inherited by child plugins, causing the middleware to never match requests. This results in complete bypass of Express middleware security controls (authentication, authoriz...