26 matches found
OPENSUSE-SU-2026:20361-1 Security update for osc, obs-scm-bridge
This update for osc, obs-scm-bridge fixes the following issues: Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync...
@accordproject/template-engine contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
PT-2025-46773
Name of the Vulnerable Software and Affected Versions: Bitplatform Boilerplate versions prior to 9.11.3. Description: Bitplatform Boilerplate, a Visual Studio and .NET project template, contains a cross-site scripting (XSS) issue within the WebInteropApp/WebAppInterop component. This could allow...
EUVD-2022-34365
Malicious code in bioql PyPI...
CVE-2022-2074
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template...
SQL Injection
Overview: github.com/3xxx/engineercms/models is a data management platform. Affected versions of this package are vulnerable to SQL Injection through the /project/addprojtemplet interface. An attacker can manipulate database queries and access or modify data without proper authorization by injecti...
CVE-2024-10313
CVE-2024-10313 affects iniNet Solutions SpiderControl SCADA PC HMI Editor. The vulnerability is an improper restriction of a pathname to a restricted directory (path traversal) that is triggered when loading a malicious ‘ems’ project template, allowing writing files to arbitrary directories. Repo...
Gitlab -- vulnerabilities
Gitlab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Keys can push changes to an archived repository; Guests can disclose project templates; GitLab instanc...
GitLab 11.2 < 13.2.10 / 13.3.0 < 13.3.7 / 13.4.0 < 13.4.2 (CVE-2020-13343)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template (CVE-2020-13343). Note that Nessus has not tested for this issue but...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab, which stems from the possibility th...
Octopus Deploy Security Vulnerability
Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy. An attacker exploited the vulnerability to perform a regular expression denial of service using Variable Project...
[SECURITY] Fedora 36 Update: python-cookiecutter-2.1.1-1.fc36
A command-line utility that creates projects from cookiecutters (project templates), e.g. creating a Python package project from a Python package project template...
XXE
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input...
CVE-2020-13343
An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template...