39 matches found

UbuntuCve
added 2026/05/07 12:0 a.m., 5 views

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

CVSS 8.7, AI score 5.9, EPSS 0.0002
Exploits 0, References 3
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: alienware-wmi-wmax: Fixed the dmi_system_id array. Added a missing empty member to awcc_dmi_table...

CVSS 5.5, AI score 5.8, EPSS 0.00027
Exploits 0, References 2
Github Security Blog
added 2026/04/22 8:19 p.m., 9 views

xmldom has XML injection through unvalidated DocumentType serialization

Summary: The package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any escaping or validation. When these fields are set programmatically to attacker-controlled strings, XMLSerializer.serializeToString can produce output where the DOCTYPE declaration is...

CVSS 8.7, AI score 6, EPSS 0.0002
Exploits 0, References 6, Affected Software 2
OSV
added 2026/04/22 8:19 p.m., 2 views

GHSA-F6WW-3GGP-FR8H xmldom has XML injection through unvalidated DocumentType serialization

Summary: The package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any escaping or validation. When these fields are set programmatically to attacker-controlled strings, XMLSerializer.serializeToString can produce output where the DOCTYPE declaration is...

CVSS 8.7, AI score 6, EPSS 0.0002
Exploits 0, References 6
Github Security Blog
added 2026/04/10 5:32 p.m., 2 views

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary: Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits 1, References 4, Affected Software 1
OSV
added 2026/04/10 5:32 p.m., 1 views

GHSA-5F5R-95PG-XRPM Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary: Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits 1, References 4
ATTACKERKB
added 2026/04/09 7:27 p.m., 1 views

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, AI score 5.9, EPSS 0.00065
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2026/04/09 7:27 p.m., 2 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits 1, References 2
Tenable Nessus
added 2026/01/26 12:0 a.m., 2 views

openSUSE 16 Security Update : busybox (openSUSE-SU-2026:20090-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20090-1 advisory. Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence...

CVSS 6.5, AI score 6, EPSS 0.00065
Exploits 1, References 8
OSV
added 2026/01/22 4:57 p.m., 1 views

SUSE-SU-2026:20134-1 Security update for busybox

This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence bsc1241661. Other fixes: - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid conflict bsc1236670 - Fix unshar...

CVSS 6.5, AI score 7.1, EPSS 0.00065
Exploits 1, References 7
OSV
added 2026/01/22 12:25 p.m., 0 views

SUSE-SU-2026:0236-1 Security update for busybox

This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 - CVE-2025-60876: Fixed HTTP request header injection in wget CVE-2025-60876, bsc1253245...

CVSS 6.5, AI score 7.1, EPSS 0.00065
Exploits 1, References 8
SUSE Linux
added 2026/01/22 12:25 p.m., 2 views

Security update for busybox

This update for busybox fixes the following issues: Security issues: CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 CVE-2025-60876: Fixed HTTP request header injection in wget CVE-2025-60876, bsc1253245 Other issues: Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid...

CVSS 8.8, AI score 5.6, EPSS 0.00065
Exploits 1, References 12
OSV
added 2026/01/22 12:25 p.m., 0 views

SUSE-SU-2026:0235-1 Security update for busybox

This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence CVE-2025-46394, bsc1241661 - CVE-2025-60876: Fixed HTTP request header injection in wget CVE-2025-60876, bsc1253245 Other issues: - Set CONFIG_FIRST_SYSTEM_ID to 201 to...

CVSS 6.5, AI score 7.1, EPSS 0.00065
Exploits 1, References 7
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-6104

Malware in sbrugna...

CVSS 5.3, AI score 6.2, EPSS 0.02446
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-1726

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00141
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-25540

Malicious code in bioql PyPI...

AI score 6.4, EPSS 0.00027
Exploits 0, References 2
SUSE CVE
added 2025/08/22 11:28 p.m., 1 views

SUSE CVE-2025-38661

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix dmi_system_id array. Add missing empty member to awcc_dmi_table...

CVSS 5.5, AI score 6.5, EPSS 0.00027
Exploits 0, References 3
OSV
added 2025/08/22 4:15 p.m., 0 views

UBUNTU-CVE-2025-38661

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix dmi_system_id array. Add missing empty member to awcc_dmi_table...

CVSS 5.5, AI score 5.7, EPSS 0.00027
Exploits 0, References 5
CVE
added 2025/08/22 4:2 p.m., 9 views

CVE-2025-38661

In the Linux kernel (platform/x86), CVE-2025-38661 is resolved by fixing the alienware-wmi-wmax path: the dmi_system_id array was corrected by adding a missing empty member to awcc_dmi_table. The vulnerability arises from this array misconfiguration, and the CVSSv3.1 vector indicates a LOCAL, LOW...

CVSS 5.5, AI score 6.5, EPSS 0.00027
Exploits 0, References 2, Affected Software 1
OSV
added 2025/08/22 4:2 p.m., 1 views

CVE-2025-38661 platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array

In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix dmi_system_id array. Add missing empty member to awcc_dmi_table...

CVSS 5.5, AI score 6.5, EPSS 0.00027
Exploits 0, References 5