13 matches found
RLSA-2026:18065 Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316). For more details about the security issues, including...
CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...
CVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g., a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
CVE-2026-23954 Incus container image templating arbitrary host file read and write
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g., a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file...
Incus container image templating arbitrary host file read and write
Summary: A user with the ability to launch a container with a custom image (e.g., a member of the ‘incus’ group) can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...
Linux Distros Unpatched Vulnerability : CVE-2026-23954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image e.g. a...
PT-2026-4295
Name of the Vulnerable Software and Affected Versions: Incus versions 6.21.0 and below; IncusOS affected versions not specified. Description: Incus is a system container and virtual machine manager. A flaw exists where a user capable of launching containers with custom images e.g., a member of the...
Apache OFBiz Security Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based Web application components and tools. A security vulnerability exists in Apache OFBiz versions prior to 18.12.17 through 18.12.18 that stems from...
ansible-core: Unsafe Tagging Bypass via hostvars Object in Ansible-Core
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...
Exploit for CVE-2024-7954
🚀 SPIP Unauthenticated RCE Exploit...
Cross-site Scripting (XSS)
Overview: vapor/leaf-kit is an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) with untrusted user input. If an attacker managed to find a variable that was rendered with their unsanitized...
PT-2021-23968 · Jinja2 +1
Name of the Vulnerable Software and Affected Versions: vault-cli versions prior to 3.0.0 Description: The issue concerns the ability of vault-cli to render templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of the secret as a Jinja2...
CVE-2019-10909: Escape validation messages in the PHP templating engine
More info at https://symfony.com/cve-2019-10909...