3042 matches found
[SECURITY] Fedora 43 Update: uv-0.10.12-1.fc43
An extremely fast Python package and project manager, written in Rust. Highlights: • A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine, virtualenv, and more. • 10-100x faster than pip. • Provides comprehensive project management, with a universal lockf...
EUVD-2026-16512
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...
MyTube Security Vulnerability
MyTube is a self-hosted video downloader and player developed by Peifan Li. Versions of MyTube prior to 1.8.69 contained a security vulnerability. This vulnerability stemmed from an authorization bypass in the /api/settings/import-database endpoint, which could allow low-privilege attackers to upload...
Ella Core Security Vulnerability
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the NetworkManager role being granted backup and restore...
PT-2026-28518
Name of the Vulnerable Software and Affected Versions: MyTube versions prior to 1.8.69. Description: MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.69, an authorization bypass exists in the /api/settings/import-database API endpoint. This bypass allows...
ALPINE-CVE-2026-25645
Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths() utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
EUVD-2026-15221
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file(). In flush_write_buffer(), &p->frag_sem is acquired and then the loaded store function is called, which, here, is target_core_item_dbroot_store(). This function called filp_open(), following...
CVE-2026-23378
A flaw was found in the Linux kernel, specifically within the networking scheduler's Ingress Forwarding Engine (IFE) action. When an IFE action attempts to replace metadata, it incorrectly appends new metadata instead of replacing the old. This unbounded addition of metadata can lead to an...
CVE-2026-23378
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior. Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...
UBUNTU-CVE-2026-23313
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint. Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_coun...
CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior. Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...
CVE-2026-23313
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint. Using get_cpu() in the tracepoint assignment causes an obvious preempt count leak because nothing invokes put_cpu() to undo it: softirq: huh, entered softirq 3 NET_RX with preempt_coun...
CVE-2026-23292
CVE-2026-23292 : Linux kernel scsi: target: Fix recursive locking in __configfs_open_file(). The root cause was target_core_item_dbroot_store() attempting to open the file path (which is the same configfs file already held) using filp_open(), leading to potential nested frag_sem locking. The fix ...
kernel: sctp: avoid NULL dereference when chunk data buffer is missing
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing. The chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list instead...
CVE-2025-41660 CODESYS Control Boot Application Replacement Enables Code Execution
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-41660
The CVE-2025-41660 entry concerns the CODESYS Control runtime system. According to sources, a low-privileged remote attacker may replace the boot application, enabling unauthorized code execution on the target. This is characterized as a network-accessible issue with low attack complexity and privile...
CVE-2026-27977
A CSRF check bypass flaw has been discovered in Next.js. In `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if allowedDevOrigins is configured, allowing privacy-sensitive/opaque contexts (for example, sandboxed documents) to connect...
CVE-2026-23245
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace. The gate action can be replaced while the hrtimer callback or dump path is walking the schedule list. Convert the parameters to an RCU-protected snapshot and swap update...