SUSE-SU-2026:21448-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...

Command Injection

codeigniter4/framework is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled filenames and text content when using the ImageMagick imagick handler in the resize or text methods, which allows an attacker to execute arbitrary shell commands by supplyin...

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description A reflected XSS is possible because you echo user controlled content without sanitization in https://github.com/FalconChristmas/fpp/blob/40a636c6e38442e3674db0b85fdfc5ed8a79b823/www/changebranch.phpL25 php $branch = $GET'branch'; $command = "sudo /opt/fpp/scripts/gitbranch "...

PEAR Archive_Tar Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/tar' class MetasploitModule 'PEAR ArchiveTar %q This module takes advantages of ArchiveTar MSFLICENSE, 'Author' = 'gwillcox-r7', Metasploit module...

PeerTweet - Decentralized Feeds using BitTorrent's DHT

BitTorrent's DHT is probably one of the most resilient and censorship-resistant networks on the internet. PeerTweet uses this network to allow users to broadcast tweets to anyone who is listening. When you start PeerTweet, it generates a hash @33cwte8iwWn7uhtj9MKCs4q5Ax7B which is similar to your...