272 matches found
[SECURITY] Fedora 43 Update: python-django-haystack-3.4.0-1.fc43
Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends such as Solr, Elasticsearch, Whoosh, Xapian, etc. without having to modify your code. Haystack is BSD licensed, plays nicely with third-party app without needing t...
[SECURITY] Fedora 44 Update: python-django-haystack-3.4.0-1.fc44
Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends such as Solr, Elasticsearch, Whoosh, Xapian, etc. without having to modify your code. Haystack is BSD licensed, plays nicely with third-party app without needing t...
CVE-2026-55693
Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...
DRUPAL-CONTRIB-2026-060
The optional Paragraphs Library module allows the reuse of paragraphs in multiple places. The module doesn't sufficiently restrict access to unpublished library items in lists. This vulnerability is mitigated by the fact the paragraphs\library module must be in use, and that an attacker must have...
CVE-2026-53693 MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels
A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...
CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...
CVE-2026-45286
CVE-2026-45286 affects Nextcloud Open Source Content Collaboration Platform. An authenticated user could enumerate other users on the same instance by abusing the Calendar app’s endpoint for suggesting attendees; standard sharing restrictions did not apply to that endpoint. Impacted versions are ...
CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...
Cross-site Scripting (XSS)
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via entity suggestions whilst adding a link to CKEditor5. An attacker can execute arbitrary scripts in...
PT-2026-38406
Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...
CLSA-2026-1777942724 vim: Fix of 3 CVEs
CVE-2021-3928: fix reading uninitialized memory in spell suggestions spellsuggest.c - CVE-2022-1616: fix buffer overflow in invalid command with composing chars exdocmd.c - CVE-2022-1620: fix NULL pointer dereference when using invalid pattern buffer.c...
DRUPAL-CORE-2026-003
Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross site scripting attack against another user...
PT-2026-33242
Name of the Vulnerable Software and Affected Versions Drupal core versions 11.3.0 through 11.3.6 Description Drupal core contains an issue where entity suggestions provided during the process of adding a link to CKEditor 5 are not sufficiently sanitized. This allows a malicious user to trigger a...
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross site scripting attack against another user...
The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution
Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...
Ja4Scanner
Ja4Scanner — Bug Bounty Hunter's Toolkit A Python CLI tool fo...
PT-2026-28635
Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.1.10 Drupal AI versions 1.2.0 through 1.2.11 Description An incorrect authorization issue exists in Drupal AI Artificial Intelligence that allows for resource injection. The module and certain submodules AI...
Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
Artificial intelligence AI company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security , is currently available in a limited research preview to...
a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +1061 more potentially affected by unknown CVE via git2 (>=0.10.0 <=0.1.21)
git2 CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.0.0, =0.1.0, =0.3.3 - amisgitpm =0.0.1 - amp =0.6.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0008...