
54 matches found

Tenable Nessus
added 2026/05/19 12:0 a.m., 5 views

SUSE SLED15 / SLES15 Security Update : postgresql17 (SUSE-SU-2026:1943-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1943-1 advisory. This update for postgresql17 fixes the following issues: Update to version 17.10. Security issues: -...

8.8 CVSS | 6.1 AI score | 0.00076 EPSS
Exploits: 0 | References: 33
OSV
added 2026/04/21 12:1 p.m., 2 views

BIT-AIRFLOW-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf that could cause unsanitized user input to be used to escalate privileges of a UI user to allow executing code on a worker. Users should review if any of their own DAGs have adopted this incorrect advi...

8.8 CVSS | 5.9 AI score | 0.00028 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/03/27 2:24 p.m., 3 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.1 CVSS | 6.8 AI score | 0.00616 EPSS
Exploits: 1 | References: 1
OSV
added 2026/02/26 3:14 p.m., 3 views

GHSA-49XW-VFC4-7P43 Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter

Summary: A SQL Injection vulnerability in Fleet’s software versions API allowed authenticated users to inject arbitrary SQL expressions via the order_key query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input could escape identifier quoting and b...

7.2 CVSS | 6.3 AI score | 0.0006 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/01/09 10:47 a.m., 4 views

CVE-2022-31543

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 7 AI score | 0.00432 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-1777

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.00363 EPSS
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-26520

Malware in sbrugna...

9.8 CVSS | 7.7 AI score | 0.00072 EPSS
Exploits: 1 | References: 41
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-53023

Malicious code in bioql PyPI...

9.3 CVSS | 9.1 AI score | 0.00432 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-4901

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0 | References: 5
Cvelist
added 2025/02/15 5:0 a.m., 29 views

CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8 CVSS | 0.89929 EPSS
Exploits: 5 | References: 4
RustSec
added 2024/12/04 12:0 p.m., 2 views

Unsound usages of `std::slice::from_raw_parts`

The library breaks the safety assumptions when using the unsafe API std::slice::from_raw_parts. First, when using the API in the iterator implementation TempFdArrayIterator.next, the generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the...

7.5 AI score
Exploits: 0 | Affected Software: 1
Github Security Blog
added 2024/11/12 8:48 p.m., 8 views

`fast-float` has multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package published. 2. Many functions marked as safe with non-local safety guarantees. The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

7.2 AI score
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2024/05/31 9:30 p.m., 16 views

Moodle Improper Input Validation

Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. The referrer URL used by MFA required additional sanitizing, rather than being used directly...

9.8 CVSS | 6.5 AI score | 0.00808 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/07/11 1:15 a.m., 0 views

CVE-2022-31579

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
OSV
added 2022/07/11 1:15 a.m., 0 views

CVE-2022-31582

The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
OSV
added 2022/07/11 1:15 a.m., 0 views

CVE-2022-31577

The longmaoteamtf/audioalignerapp repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1
ATTACKERKB
added 2022/07/11 1:15 a.m., 1 view

CVE-2022-31579

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.3 AI score | 0.00432 EPSS
Exploits: 0 | References: 2
OSV
added 2022/07/11 1:15 a.m., 1 view

CVE-2022-31553

The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.8 AI score | 0.00432 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2022/07/11 1:15 a.m., 2 views

CVE-2022-31558

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.3 AI score | 0.00465 EPSS
Exploits: 0 | References: 2
OSV
added 2022/07/11 1:15 a.m., 0 views

CVE-2022-31571

The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1