25 matches found

Fedora
added 2026/05/18 1:24 a.m., 16 views

[SECURITY] Fedora 42 Update: coturn-4.11.0-1.fc42

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

5.8 AI score
Exploits 0

Fedora
added 2026/05/18 12:45 a.m., 16 views

[SECURITY] Fedora 44 Update: coturn-4.11.0-1.fc44

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

5.8 AI score
Exploits 0

RedhatCVE
added 2026/04/22 7:22 p.m., 1 view

CVE-2026-40872

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3 CVSS, 5.8 AI score, 0.00067 EPSS
Exploits 0, References 1

EUVD
added 2026/04/21 7:14 p.m., 4 views

EUVD-2026-24254

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3 CVSS, 5.8 AI score, 0.00067 EPSS
Exploits 0, References 1

Cvelist
added 2026/04/21 7:14 p.m., 29 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3 CVSS, 0.00067 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/04/07 11:1 p.m., 1 view

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

9.8 CVSS, 6.5 AI score, 0.00124 EPSS
Exploits 0, References 1

NVD
added 2026/04/06 6:16 p.m., 1 view

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

9.8 CVSS, 0.00124 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/04/06 5:32 p.m., 1 view

CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3 CVSS, 6.5 AI score, 0.00124 EPSS
Exploits 0, References 1

Cvelist
added 2026/04/06 5:32 p.m., 13 views

CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3 CVSS, 0.00124 EPSS
Exploits 0, References 1

CVE
added 2026/04/06 5:32 p.m., 12 views

CVE-2026-35052

D-Tale (Flask backend + React frontend) prior to version 3.22.0 is vulnerable when hosted publicly with Redis or shelf storage, allowing remote code execution on the server. The issue stems from how the global state/storage could be exploited; upgrading to 3.22.0 fixes the vulnerability. Affected...

9.8 CVSS, 6.5 AI score, 0.00124 EPSS
Exploits 0, References 1, Affected Software 1

ATTACKERKB
added 2026/04/06 5:32 p.m., 0 views

CVE-2026-35052

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3.22.0, users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the...

5.3 CVSS, 6.5 AI score, 0.00124 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2026/04/06 12:0 a.m., 3 views

Man D-Tale cross-site scripting vulnerability

Man D-Tale is a visualization tool for pandas data structures within the Man company. Versions of Man D-Tale prior to 3.22.0 contained a cross-site scripting vulnerability. This vulnerability could lead to remote code execution attacks when using Redis or Shelf storage layers...

9.8 CVSS, 6.3 AI score, 0.00124 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/04/06 12:0 a.m., 1 view

PT-2026-30710

Name of the Vulnerable Software and Affected Versions distribution versions 3.0.x and earlier, versions 2.8.x and earlier when redis blob descriptor cache and delete are both enabled Description distribution, a toolkit for managing container content, is susceptible to a confidentiality issue. Whe...

9.8 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits 1, References 80

Veracode
added 2026/04/04 5:28 a.m., 5 views

Remote Code Execution

D-Tale is vulnerable to Remote Code Execution. The vulnerability is due to the use of redis or shelf storage layer, where users hosting D-Tale publicly could allow attackers to run malicious code on the server...

9.8 CVSS, 5.5 AI score, 0.00124 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2026/04/03 3:44 a.m., 0 views

GHSA-436G-FHFC-9G5W D-Tale: Remote Code Execution through redis/shelf storage

Impact Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.22.0. Workarounds There are no workarounds for versions 3.22.0...

5.3 CVSS, 6.5 AI score, 0.00124 EPSS
Exploits 0, References 3

Github Security Blog
added 2026/04/03 3:44 a.m., 4 views

D-Tale: Remote Code Execution through redis/shelf storage

Impact Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.22.0. Workarounds There are no workarounds for versions 3.22.0...

9.8 CVSS, 6.5 AI score, 0.00124 EPSS
Exploits 0, References 3, Affected Software 1

Snyk
added 2026/04/03 3:44 a.m., 1 view

Cross-site Scripting (XSS)

Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Cross-site Scripting XSS through the DtaleRedis.get and shelf storage code in dtale/globalstate.py. An attacker can run arbitrary code on the server by supplying a crafted pickle...

9.8 CVSS, 6 AI score, 0.00124 EPSS
Exploits 0, References 2

Fedora
added 2026/03/05 12:57 a.m., 3 views

[SECURITY] Fedora 43 Update: coturn-4.9.0-1.fc43

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

7.2 CVSS, 5.9 AI score, 0.00053 EPSS
Exploits 1

Cvelist
added 2026/01/08 9:50 a.m., 25 views

CVE-2026-21874 NiceGUI has Redis connection leak via tab storage causes service degradation

NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation wh...

5.3 CVSS, 0.00021 EPSS
Exploits 1, References 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2021-9340

Malicious code in bioql PyPI...

5.7 CVSS, 5.3 AI score, 0.00036 EPSS
Exploits 0, References 2