CVE-2026-42335 MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

EUVD-2024-37391

Malicious code in bioql PyPI...

SUSE-SU-2025:03449-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that do...

SUSE-SU-2022:1265-1 Security update for jsoup, jsr-305

This update for jsoup, jsr-305 fixes the following issues: - CVE-2021-37714: Fixed infinite in untrusted HTML or XML data parsing bsc1189749. Changes in jsr-305: - Build with java source and target levels 8 - Upgrade to upstream version 3.0.2 Changes in jsoup: - Upgrade to upstream version 1.14.2...

CVE-2015-0796

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service...

Open redirect

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service...

CVE-2015-0796

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service...

CVE-2015-0796

The vulnerability CVE-2015-0796 affects the Open Build Service: versions 2.6 before 2.6.3, 2.5 before 2.5.7, and 2.4 before 2.4.8. The patch application in the source service could generate non-standard files (e.g., symlinks or device nodes), which may allow buildservice users to break confinemen...

[SECURITY] Fedora 27 Update: osc-source_validator-0.10-1.fc27

This is a source service for openSUSE Build Service. This service runs all checks as required by openSUSE:Factory project. This can be used to guarantee that all checks succeed also on the service side. This plugin can be used via project wide defined services...

[SECURITY] Fedora 26 Update: osc-source_validator-0.10-1.fc26

This is a source service for openSUSE Build Service. This service runs all checks as required by openSUSE:Factory project. This can be used to guarantee that all checks succeed also on the service side. This plugin can be used via project wide defined services...