Lucene search
K

708 matches found

EUVD
EUVD
added 2026/05/09 3:59 a.m.11 views

EUVD-2026-28896

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...

7.8CVSS6AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/09 3:59 a.m.65 views

CVE-2026-42301 Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...

7.8CVSS0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28669

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't support IRQ remapping or f...

5.7AI score0.00123EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.9 views

CVE-2026-43363

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't support IRQ remapping or f...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References10
OSV
OSV
added 2026/05/04 8:14 p.m.20 views

GHSA-R35X-V8P8-XVHW pyp2spec is Vulnerable to Code Injection

Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

7.8CVSS6.1AI score0.00197EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/04 8:14 p.m.11 views

Arbitrary Code Injection

Overview pyp2spec is a Generate a valid Fedora specfile from Python package from PyPI Affected versions of this package are vulnerable to Arbitrary Code Injection in the process of writing package metadata into the generated spec file without escaping RPM macro directives. An attacker can execute...

8.5CVSS6.1AI score0.00197EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/04 8:14 p.m.9 views

pyp2spec is Vulnerable to Code Injection

Impact pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, so a malicious package can execute arbitrary commands on the build machine. The macro...

7.8CVSS6.1AI score0.00197EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/04 8:11 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.5AI score0.00424EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/04 8:11 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/04 8:11 p.m.9 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/04 8:11 p.m.13 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the JoinWorkflowSpec process. An attacker can gain unauthorized access to host networking, override service account assignments, modify pod security contexts, add tolerations, or enable service account token...

8.6CVSS5.8AI score0.00424EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-37194

Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to 3.7.14 Argo Workflows versions prior to 4.0.5 Description A user with create Workflow permission can bypass the templateReferencing: Strict and Secure restrictions. This occurs because the system only blocks th...

8.1CVSS5.8AI score0.00424EPSS
Exploits2References15
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-37196

Name of the Vulnerable Software and Affected Versions pyp2spec versions prior to 0.14.1 Description pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...

7.8CVSS6.2AI score0.00197EPSS
Exploits0References8
Spring Security Advisories
Spring Security Advisories
added 2026/05/04 12:0 a.m.13 views

Spring Office Hours Podcast: S5E14 - Spec Driven Development with Simon Martinelli

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun are joined by Java Champion, Vaadin Champion, and Oracle ACE Pro Simon Martinelli to talk about Spec-Driven Development. With AI reshaping how we write code, Simon makes the case th...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/05/01 3:12 a.m.7 views

[SECURITY] Fedora 44 Update: pyp2spec-0.14.1-1.fc44

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/05/01 3:6 a.m.23 views

[SECURITY] Fedora 43 Update: pyp2spec-0.14.1-1.fc43

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/05/01 1:27 a.m.20 views

[SECURITY] Fedora 42 Update: pyp2spec-0.14.1-1.fc42

pyp2spec is a tech preview. It is a tool generating Fedora RPM spec files for Python distributions. It utilizes the benefits of pyproject-rpm-macros...

5.3AI score
Exploits0
CVE
CVE
added 2026/05/01 12:0 a.m.25 views

CVE-2026-37457

FRRouting (FRR) stable/10.0 is affected by CVE-2026-37457 due to an off-by-one out-of-bounds write in bgp_flowspec_op_decode() within bgpd/bgp_flowspec_util.c. Attackers may cause a Denial of Service by supplying a crafted FlowSpec component. The available sources describe the vulnerability clear...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References8Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/29 12:0 a.m.21 views

Beyond Code Reasoning: A Specification-Anchored Audit Framework for Expert-Augmented Security Verification

Security-critical software is routinely audited by tools that reason about vulnerabilities as repository-local code patterns. Yet specification-governed systems -- protocol stacks, consensus implementations, cryptographic libraries -- are constrained by invariants and correctness conditions defin...

5.4AI score
Exploits0
OSV
OSV
added 2026/04/15 1:43 p.m.5 views

SUSE-SU-2026:1356-1 Security update for nfs-utils

This update for nfs-utils fixes the following issue: Security fixes: - CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their privileges and access subdirectories and subtrees of an exported directory bsc1259204. Other fixes: - Split from nfs-utils into its own spec and changelog file...

6.5CVSS5.8AI score0.00462EPSS
Exploits0References4
Rows per page
Query Builder