62 matches found
RLSA-2026:19013 Moderate: delve security update
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...
CLEANSTART-2026-IY92636 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...
Multiple security vulnerabilities affect the percona-xtradb-cluster-operator package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it...
yggdrasil security update
An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. yggdrasil is a system daemon that subscribes to topics on an MQTT broker a...
Cross-site Request Forgery (CSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the pluginImport.json.php endpoint. An attacker can execute arbitrary code on the server by tricking an authenticated admin into...
ALSA-2026:3298 Important: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
EUVD-2016-4848
Malware in sbrugna...
EUVD-2016-4836
Malware in sbrugna...
EUVD-2009-2161
Malware in sbrugna...
EUVD-2024-1178
Malicious code in bioql PyPI...
EUVD-2022-4008
Malicious code in bioql PyPI...
EUVD-2024-46429
Malicious code in bioql PyPI...
Fedora 42 : perl-Plack-Middleware-Session (2025-ca07c36a0a)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ca07c36a0a advisory. This update upgrades the package to version 0.36. This version fixes CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs. Tenable has...
Linux Distros Unpatched Vulnerability : CVE-2016-3835
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x befor...
PrivateGPT security vulnerability
PrivateGPT is an AI project. PrivateGPT has a security vulnerability that stems from a lack of secure session management implementation and a weak CORS policy, resulting in a cross-site request forgery (CSRF) vulnerability. An attacker could use this vulnerability to trigger a data poisoning attack...
Session Fixation
@fastify/secure-session is vulnerable to a Session Fixation. This vulnerability is due to the session removal process where even after marking the session for deletion, an attacker could continue using it...
CVE-2024-31999
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
CVE-2024-31999
The CVE-2024-31999 issue affects @fastify/secure-session used with Fastify. The vulnerability arises in the session removal process: after a session is marked for deletion, an attacker who can access the cookie could continue to reuse it, effectively retaining access across requests. Public detai...
CVE-2024-31999 @fastify/secure-session: Reuse of destroyed secure session cookie
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
@artgenio/core (>=0.6.3 <=0.7.1), @assert-server/core (>=1.0.0 <=1.0.2) +21 more potentially affected by CVE-2024-31999 via @fastify/secure-session (>=4.1.1 <=7.1.0)
@fastify/secure-session NPM version =4.1.1, =0.6.3, =1.0.0, =1.1.2, =1.0.0, =1.0.1, =0.1.1, =0.1.0, =0.7.0, =1.0.8, =0.5.1, =0.1.4, =0.0.1, =0.0.1, =1.0.0-1, =1.0.0-3 and more Source cves: CVE-2024-31999 Source advisory: OSV:GHSA-9WWP-Q7WQ-JX35...