14 matches found
PT-2026-46098
Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....
Fedora 44 : dovecot (2026-96eeb03b88)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-96eeb03b88 advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...
Astra Linux - vulnerability in git
Git is a distributed revision control system. Versions of Git prior to 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 were vulnerable to privilege escalation on all platforms. A careless user could still be affected by the issue reported in CVE-2022-24765, for example, when...
OpenTelemetry.Resources.Azure has an unbounded HTTP response body read
Summary OpenTelemetry.Resources.Azure reads unbounded HTTP response bodies from the Azure VM remote instance metadata service endpoint into memory. This would allow an attacker-controlled endpoint or one acting as a Man-in-the-Middle (MitM) to cause excessive memory allocation and possible process...
EUVD-2025-206445
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
EUVD-2024-53001
Malicious code in bioql PyPI...
CVE-2025-5643
A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The...
CVE-2025-5646
A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on...
ROS-20250402-02
A vulnerability in the WebTransport component of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client involves use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a...
Improper access of prompt data by another user.
Description Another user is able to see the prompt data of a particular user. Proof of Concept Let promptid be the prompt id of user 1. Visit http://127.0.0.1:8080/prompts/promptid from another user's session (user 2). User 2 can see user 1's promptid data. Previously it was reported by some on...
PYSEC-2022-72
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...
PYSEC-2021-119
23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...
What Google learned from 1 billion evil email scams
Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. "Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk" looked at more than a billion mails. The results were then f...
DEBIAN-CVE-2020-14152
In IJG JPEG aka libjpeg before 9d, jpeg_mem_available in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption...